[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]



 
                      THE ADMINISTRATION'S USE OF 

                            FISA AUTHORITIES
=======================================================================


                                HEARING

                               BEFORE THE

                       COMMITTEE ON THE JUDICIARY

                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED THIRTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 17, 2013

                               __________

                           Serial No. 113-45

                               __________

         Printed for the use of the Committee on the Judiciary


      Available via the World Wide Web: http://judiciary.house.gov




                  U.S. GOVERNMENT PRINTING OFFICE
81-982                    WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001



                       COMMITTEE ON THE JUDICIARY

                   BOB GOODLATTE, Virginia, Chairman
F. JAMES SENSENBRENNER, Jr.,         JOHN CONYERS, Jr., Michigan
    Wisconsin                        JERROLD NADLER, New York
HOWARD COBLE, North Carolina         ROBERT C. ``BOBBY'' SCOTT, 
LAMAR SMITH, Texas                       Virginia
STEVE CHABOT, Ohio                   MELVIN L. WATT, North Carolina
SPENCER BACHUS, Alabama              ZOE LOFGREN, California
DARRELL E. ISSA, California          SHEILA JACKSON LEE, Texas
J. RANDY FORBES, Virginia            STEVE COHEN, Tennessee
STEVE KING, Iowa                     HENRY C. ``HANK'' JOHNSON, Jr.,
TRENT FRANKS, Arizona                  Georgia
LOUIE GOHMERT, Texas                 PEDRO R. PIERLUISI, Puerto Rico
JIM JORDAN, Ohio                     JUDY CHU, California
TED POE, Texas                       TED DEUTCH, Florida
JASON CHAFFETZ, Utah                 LUIS V. GUTIERREZ, Illinois
TOM MARINO, Pennsylvania             KAREN BASS, California
TREY GOWDY, South Carolina           CEDRIC RICHMOND, Louisiana
MARK AMODEI, Nevada                  SUZAN DelBENE, Washington
RAUL LABRADOR, Idaho                 JOE GARCIA, Florida
BLAKE FARENTHOLD, Texas              HAKEEM JEFFRIES, New York
GEORGE HOLDING, North Carolina
DOUG COLLINS, Georgia
RON DeSANTIS, Florida
JASON T. SMITH, Missouri

           Shelley Husband, Chief of Staff & General Counsel
        Perry Apelbaum, Minority Staff Director & Chief Counsel


                            C O N T E N T S

                              ----------                              

                             JULY 17, 2013

                                                                   Page

                           OPENING STATEMENTS

The Honorable Bob Goodlatte, a Representative in Congress from 
  the State of Virginia, and Chairman, Committee on the Judiciary     1
The Honorable John Conyers, Jr., a Representative in Congress 
  from the State of Michigan, and Ranking Member, Committee on 
  the Judiciary..................................................     3

                               WITNESSES

James Cole, United States Department of Justice
  Oral Testimony.................................................     6
Robert S. Litt, Office of Director of National Intelligence
  Oral Testimony.................................................     8
John C. Inglis, National Security Agency
  Oral Testimony.................................................     9
Stephanie Douglas, FBI National Security Branch
  Oral Testimony.................................................    12
Stewart A. Baker, Steptoe & Johnson, LLP
  Oral Testimony.................................................    67
  Prepared Statement.............................................    69
Jameel Jaffer, American Civil Liberties Union (ACLU)
  Oral Testimony.................................................    84
  Prepared Statement.............................................    86
Steven G. Bradbury, Dechert, LLP
  Oral Testimony.................................................   102
  Prepared Statement.............................................   104
Kate Martin, Center for National Security Studies
  Oral Testimony.................................................   110
  Prepared Statement.............................................   112

          LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING

Material submitted by the Honorable F. James Sensenbrenner, Jr., 
  a Representative in Congress from the State of Michigan, and 
  Member, Committee on the Judiciary.............................    18

                                APPENDIX
               Material Submitted for the Hearing Record

Questions for the Record submitted to James Cole, United States 
  Department of Justice; Robert S. Litt, Office of Director of 
  National Intelligence; John C. Inglis, National Security 
  Agency; and Stephanie Douglas, FBI National Security Branch....   136
Response to Questions from the Hearing from Stewart A. Baker, 
  Steptoe & Johnson, LLP.........................................   138
Response to Questions for the Record from Jameel Jaffer, American 
  Civil Liberties Union (ACLU)...................................   139
Response to Questions from the Hearing and for the Record from 
  Kate Martin, Center for National Security Studies..............   141


                      THE ADMINISTRATION'S USE OF 
                            FISA AUTHORITIES

                              ----------                              


                        WEDNESDAY, JULY 17, 2013

                        House of Representatives

                       Committee on the Judiciary

                            Washington, DC.

    The Committee met, pursuant to call, at 10:11 a.m., in room 
2141, Rayburn House Office Building, the Honorable Bob 
Goodlatte (Chairman of the Committee) presiding.
    Present: Representatives Goodlatte, Sensenbrenner, Coble, 
Smith of Texas, Chabot, Bachus, Forbes, King, Gohmert, Poe, 
Chaffetz, Gowdy, Labrador, Farenthold, Holding, Collins, 
DeSantis, Conyers, Nadler, Scott, Lofgren, Jackson Lee, Cohen, 
Johnson, Chu, Deutch, DelBene, Garcia, and Jeffries.
    Staff Present: (Majority) Shelley Husband, Chief of Staff & 
General Counsel; Branden Ritchie, Deputy Chief of Staff & Chief 
Counsel; Allison Halataei, Parliamentarian & General Counsel; 
Caroline Lynch, ; Sam Ramer, Majority Counsel; Kelsey 
Deterding, Clerk; (Minority) Perry Apelbaum, Minority Staff 
Director & Chief Counsel; Danielle Brown, Parliamentarian; and 
Aaron Hiller, Counsel.
    Mr. Goodlatte. Good morning. The Judiciary Committee will 
come to order. And without objection, the Chair is authorized 
to declare recesses of the Committee at any time.
    We welcome everyone to this morning's hearing on oversight 
of the Administration's use of FISA Authorities, and I will 
begin by recognizing myself for an opening statement.
    Today's hearing will examine the statutory authorities that 
govern certain programs operated under the Foreign Intelligence 
Surveillance Act, or FISA. Since the unauthorized public 
release of these programs, many Members of Congress and their 
constituents have expressed concern about how these programs 
are operated and whether they pose a threat to Americans' civil 
liberties and privacy. We have assembled two panels of 
witnesses today to help us explore these important issues.
    Last month, Edward Snowden, an unknown former NSA 
contractor and CIA employee, released classified material on 
top secret NSA data collection programs. On June 5th, the 
Guardian released a classified order issued by the Foreign 
Intelligence Surveillance Court requested by the FBI to compel 
the ongoing production for a 3-month period of call detail 
records, or telephony metadata. Telephony metadata includes the 
numbers of both parties on a call, unique identifiers, and the 
time and duration of all calls.
    On June 6th, classified information regarding a second 
program, the PRISM program, was reported by the Guardian and 
the Washington Post. News reports described the program as 
allowing the NSA to obtain data from electronic service 
providers on customers who reside outside the United States, 
including email, chat, photos, videos, stored data, and file 
transfers.
    Both of these programs are operated pursuant to statutory 
provisions in FISA or the FISA Amendments Act. FISA was enacted 
to provide procedures for the domestic collection of foreign 
intelligence. When FISA was originally enacted in 1978, America 
was largely concerned with collecting intelligence from foreign 
nations, such as the Soviet Union, or terrorist groups like the 
FARC in Colombia. FISA set forth procedures for how the 
Government can gather foreign intelligence inside the United 
States about foreign powers and their agents.
    The intelligence landscape has changed dramatically over 
the last 30 years. Today, we are confronted with ongoing 
threats from terrorist organizations, some of which are well 
structured, but most of which are loosely organized, as well as 
threats from individuals who may subscribe to certain beliefs 
but do not belong to a specific terrorist group. The FISA 
business record provision, often referred to as Section 215 of 
the PATRIOT Act, allows the FBI to access tangible items, 
including business records in foreign intelligence, 
international terrorism, and clandestine intelligence 
investigations.
    Unlike grand jury or administrative subpoenas in criminal 
investigations, which can simply be issued by a prosecutor, a 
FISA business records order must first be approved by a Federal 
judge. Similar to grand jury or administrative subpoenas, a 
FISA business record order cannot be used to search a person's 
home, to acquire the content of emails, or listen to telephone 
calls. It can only be used to obtain third-party records.
    Critics of the metadata program object to its breadth, 
namely the ongoing collection of all customers' telephony 
metadata, and question whether this program conforms to 
Congress' intent in enacting Section 215 of the PATRIOT Act. I 
hope to hear from today's witnesses about this, about how the 
collection of this metadata is relevant to a foreign 
intelligence or terrorism investigation and about whether a 
program of this size is valuable and cost effective in 
detecting and preventing terrorist plots.
    In the 40 years since FISA enactment, communications 
technologies have changed dramatically and revolutionized the 
transmission of international communications. The shift from 
wireless satellite communications to fiber optic wire 
communications altered the manner in which foreign 
communications are transmitted.
    The use of wire technology inside the United States to 
transmit a telephone call that takes place overseas had the 
unintended result of requiring the Government to obtain an 
individualized FISA court order to monitor foreign 
communications by non-U.S. persons. Congress enacted in 2008 
and reauthorized just last year the bipartisan FISA Amendments 
Act to update our foreign intelligence laws.
    The FAA permits the Attorney General and the Director of 
National Intelligence to target foreign persons reasonably 
believed to be located outside the United States to acquire 
foreign intelligence information. The act requires for the 
first time in U.S. history prior court approval of all 
Government surveillance using these authorities, including 
court approval of the Government's targeting and minimization 
procedures.
    The PRISM program derives its authority from Section 702 of 
the FAA. It involves the collection of foreign intelligence 
information about non-U.S. persons located outside the United 
States. To the extent the program captures information 
pertaining to U.S. citizens, such interception can only be 
incidental, and the handling of such information is governed by 
court-approved minimization procedures.
    I look forward to hearing from our witnesses today in 
greater detail about how the Government limits its targeting 
under 702 to non-U.S. persons outside the U.S. and a 
description of the oversight performed by the Administration 
and the FISC of this program, including the effectiveness of 
the current auditing of Section 702.
    The terrorist threat is real and ongoing. The Boston 
bombing reminded us all of that. I am confident that everyone 
in this room wishes that tragedy could have been prevented. We 
cannot prevent terrorist attacks unless we can first identify 
and then intercept the terrorist.
    However, Congress must ensure that the laws we have enacted 
are executed in a manner that is consistent with congressional 
intent and that protects both our national security and our 
civil liberties. We must ensure that America's intelligence 
gathering system has the trust of the American people.
    It is now my pleasure to recognize the Ranking Member of 
the full Committee, the gentleman from Michigan, Mr. Conyers, 
for his opening statement.
    Mr. Conyers. Thank you, Chairman Goodlatte and Members of 
the Committee.
    We are on Judiciary, which is the Committee of primary 
jurisdiction for both of the authorities we are here to discuss 
today, Section 215 of the PATRIOT Act and Section 702 of the 
FISA Amendments Act. Over the past decade, the Members of this 
Committee have vigorously debated the proper balance between 
our safety and our constitutional right to privacy.
    And so, I join in welcoming the two panels--four each, very 
fairly made up--to this discussion today. I think it is an 
important one.
    But we never at any point during this debate have approved 
the type of unchecked sweeping surveillance of United States 
citizens employed by our Government in the name of fighting the 
war on terrorism. Section 215 authorizes the Government to 
obtain certain business records only if it can show to the FISA 
court that the records are relevant to an ongoing national 
security investigation.
    Now what we think we have here is a situation in which if 
the Government cannot provide a clear public explanation for 
how its program is consistent with the statute, then it must 
stop collecting this information immediately. And so, this 
metadata problem to me has gotten quite far out of hand, even 
given the seriousness of the problems that surround it and 
created its need.
    Now I have another concern that pertains to the 
Administration's track record of responding to the criticisms 
of these programs. We know Director Clapper's misstatements and 
others. National Security Agency Director General Keith 
Alexander had to make retractions. Even FBI Director Robert 
Mueller is not empowered to rewrite history.
    But what we have is our conversation, which requires 
focusing on improving both more public scrutiny and 
congressional oversight of these programs. Over the last few 
weeks, the Administration has asserted that its conduct of this 
surveillance with congressional support because they have 
briefed some Members of these programs in the past. But that is 
not sufficient since we are in a catch-22 situation in a 
classified briefing in a secure setting, and we cannot discuss 
it publicly, certainly not even with our constituents. But if 
we skip the briefing, we risk being uninformed and unprepared.
    One simple solution to this problem would be to publicly 
release significant FISA court opinions or, at the very least, 
unclassified summaries of these opinions. This solution would 
have the added benefit of subjecting the Government's legal 
claims to much-needed public scrutiny.
    Over the past decade, the court has developed a body of law 
that instructs the Government about what it may do with the 
information it collects. There is no legitimate reason to keep 
this legal analysis from public interest any longer. And if we 
are to strike the right balance with these surveillance 
authorities, which I think is an important purpose of the 
hearing today, then we must bring the public into the 
conversation as soon as it is appropriate and without delay.
    And I am not talking about releasing any classified 
information. Instead of simply asking our constituents to trust 
us, I am asking you and the executive branch to trust them. And 
the need for more declassification I think is very dominant, in 
my opinion, as to how we should move this today.
    And I thank the Chair.
    Mr. Goodlatte. I thank the Ranking Member for his comments 
and would say in regard I share his concern about some 
classified information that does not need to be classified.
    I also would say that because of the nature of the 
questions that we would like to ask, some of which cannot be 
asked or answered here in an open hearing, we will definitely 
be planning a second hearing on this subject, where we can ask 
those questions in a classified setting to, again, assure 
ourselves of the answers that we need.
    Before we begin with questions for our witnesses, I want to 
stress that the--oh, first of all, without objection, all our 
Members' opening statements will be made a part of the record.
    Before we begin with questions for our witnesses, I must 
stress that the programs this hearing is addressing remain 
classified. I expect the witnesses appearing before us today, 
particularly on our first panel, to answer questions from 
Members with as much candor as possible, given the unclassified 
setting.
    But I also wish to caution Members of the Committee that 
they should be cognizant of this unique dynamic when phrasing 
their questions. The simple fact that certain programs have 
been leaked does not mean that they have been declassified, and 
Members and witnesses alike would be violating the law were 
they to disclose classified information during this hearing.
    I would also like to note that the Committee intends to 
hold a subsequent classified briefing for Members so that we 
have an opportunity to more closely examine those programs and 
pose questions to our witnesses that are not appropriate in 
this open setting.
    We welcome our first panel today. And if you would all 
please rise, we will begin by swearing in the witnesses.
    [Witnesses sworn.]
    Mr. Goodlatte. Thank you very much.
    Let the record reflect that all of the witnesses responded 
in the affirmative, and we will now proceed to introduce our 
witnesses.
    Our first witness is Mr. James Cole, the Deputy Attorney 
General of the United States at the Department of Justice. Mr. 
Cole first joined the agency in 1979 as part of the Attorney 
General's Honors Program and served the department for 13 years 
as a trial lawyer in the Criminal Division.
    He entered private practice in 1992 and was a partner at 
Bryan Cave, LLP, from 1995 to 2010, specializing in white-
collar defense. Mr. Cole has also served as chair of the 
American Bar Association White Collar Crime Committee and as 
chair-elect of the ABA Criminal Justice Section.
    Mr. Cole received his bachelor's degree from the University 
of Colorado and his juris doctor from the University of 
California at Hastings. We are fortunate to have him and his 
expertise with us today.
    Our second witness is Mr. Robert S. Litt, the second 
general counsel of the Office of the Director of National 
Intelligence. Previously, Mr. Litt was a partner at Arnold & 
Porter, LLP, and served as a member of the Advisory Committee 
to the Standing Committee on Law and National Security at the 
American Bar Association. From 1994 to 1999, he served as 
Deputy Assistant Attorney General at the U.S. Department of 
Justice, where he worked on issues of national security, 
including FISA applications.
    He began his legal career as a clerk for Judge Edward 
Weinfeld of the Southern District of New York and Justice 
Potter Stewart of the United States Supreme Court. Mr. Litt 
earned his bachelor's degree from Harvard University and his 
law degree from Yale. We welcome his experience and expertise.
    The third member of our first witness panel is Mr. John C. 
Inglis, the Deputy Director and senior civilian leader of the 
National Security Agency, acting as the agency's Chief of 
Operations. Mr. Inglis began his career at NSA as a computer 
scientist within the National Computer Security Center.
    Promoted to NSA's Senior Executive Service in 1997, he 
subsequently served in a variety of senior leadership 
assignments and twice served away from NSA headquarters, first 
as a visiting professor of computer science at the United 
States Military Academy and later as the U.S. special liaison 
to the United Kingdom.
    Mr. Inglis is a graduate of the United States Air Force 
Academy, subsequently completing 9 years of active service and 
21 years as a member of the Air National Guard. He holds 
advanced degrees in engineering and computer science from 
Columbia University, Johns Hopkins University, and the George 
Washington University. And we thank him for joining us and 
sharing his expertise as well.
    And finally on the first panel, Ms. Stephanie Douglas, 
Executive Assistant Director of National Security Branch of the 
Federal Bureau of Investigations. Ms. Douglas began as a 
special agent with the FBI in November 1989. She first reported 
to the Washington Field Office, where she worked violent crime, 
public corruption, and national security matters.
    Before returning to the FBI headquarters in 2007, she 
served as an FBI detailee to the CIA's Counterintelligence 
Center, as well as supervisory special agent for a 
counterintelligence squad at the Washington Field Office, 
directing sensitive national security investigations. Before 
assuming her current post, Ms. Douglas was special agent-in-
charge of the San Francisco Division.
    Ms. Douglas earned her bachelor's degree in history at the 
University of Tennessee, and we are pleased to have her share 
her expertise with us today as well.
    We thank all of you for joining us, and we will turn first 
to Mr. Cole for his testimony.

                   TESTIMONY OF JAMES COLE, 
              UNITED STATES DEPARTMENT OF JUSTICE

    Mr. Cole. Thank you, Mr. Chairman, Mr. Ranking Member, and 
Members of the Committee, for inviting us here to speak about 
the 215 business records program and Section 702 of FISA.
    With these programs and other intelligence activities, we 
are constantly seeking to achieve the right balance between the 
protection of national security and the protection of privacy 
and civil liberties. We believe these two programs have 
achieved the right balance.
    First of all, both programs are conducted under laws passed 
by Congress. Neither is a program that has been hidden away or 
off the books. In fact, all three branches of Government play a 
significant role in the oversight of these programs.
    The judiciary, through the Foreign Intelligence 
Surveillance Court, plays a role in authorizing the programs 
and overseeing compliance. The executive branch conducts 
extensive internal reviews to ensure compliance. And Congress 
passes the laws and oversees our implementation of those laws 
and determines whether or not the current law should be 
reauthorized and in what form. I would like to explain in more 
detail how this works with respect to each of the two programs.
    The 215 program, as many of you have already heard, 
involves the collection of metadata from telephone calls. These 
are telephone records maintained by the phone companies.
    They include the number that was dialed, the date and time 
of the call, and the length of the call. They do not include 
names or other personal identifying information. They do not 
include cell site or other location information, and they do 
not include the content of any phone calls.
    These are the kinds of records that under longstanding 
Supreme Court precedent are not protected by the Fourth 
Amendment. The short court order that you have seen published 
in the newspapers only allows the Government to acquire these 
phone records. It does not allow the Government to access or 
use them. That is covered by another, more detailed court 
order.
    That court order provides that the Government can only 
search the data if it has a reasonable, articulable suspicion 
that the phone number being searched is associated with certain 
terrorist organizations. Deputy Director Inglis will explain in 
more detail how this process works.
    But suffice it to say that there are many restrictions 
imposed on NSA to ensure that only properly trained analysts 
may access the data and that they can only access it with 
reasonable, articulable suspicion as a predicate and when it 
has been met and documented. The documentation of the analysts' 
justification is important. It exists so that it can be 
reviewed by supervisors before the search is done and audited 
afterwards to ensure compliance with the court's orders.
    In the criminal context, the Government could obtain these 
types of records with a grand jury subpoena without going to 
court. But here, we go to court every 90 days to seek the 
court's authorization to collect the records. As part of the 
renewal process, we inform the court whether there have been 
any compliance problems. And if there have been, the court will 
take a very hard look and make sure we have corrected these 
problems.
    As we have explained before, the 11 judges on the FISA 
court are far from rubber stamps. Instead, they review all of 
our pleadings thoroughly. They question us, and they don't sign 
off until they are satisfied that we have met all statutory and 
constitutional requirements.
    The 702 program is different. Under that program, the 
Government does collect content of communications. Under 702, 
the Government applies to the FISA court for an order allowing 
it to collect the communications of non-U.S. persons reasonably 
believed to be overseas. This order lasts for 1 year.
    The statute does not allow us to collect--or excuse me, 
does allow us to collect--communications even if the person on 
the other end of that phone call or email is in the United 
States or a U.S. person, but only if that is the result of a 
non-U.S. person outside the United States having initiated the 
call.
    Importantly, the statute explicitly prohibits us from what 
is known as ``reverse targeting.'' We can't use Section 702 
indirectly to obtain the communications of U.S. persons 
anywhere or any persons located in the United States by 
targeting a non-U.S. person overseas.
    Moreover, all U.S. person information collected is subject 
to what we call minimization rules. These rules are designed to 
restrict the dissemination, the use, and the retention of the 
information about U.S. persons collected. These rules are 
reviewed and approved by the court every year to ensure that we 
are handling U.S. person information in a manner consistent 
with the statute and the Fourth Amendment.
    Both programs involve significant oversight by all three 
branches of Government. The FISA court reviews and approves the 
certifications and the Government's targeting and minimization 
rules, and it oversees the Government's compliance with these 
rules, the statute, and the Fourth Amendment.
    Within the executive branch, multiple parts of the 
Government--NSA, its Inspector General, the Office of the 
Director of National Intelligence, and the Department of 
Justice--conduct robust compliance reviews and provide 
extensive reports on implementation and compliance to the FISA 
court and to the Intelligence and Judiciary Committees.
    And Congress conducts oversight, decides whether to 
reauthorize the 702 authority, as it did in 2012 and as it did 
with 215 authority in 2011.
    We take very seriously our responsibility to the American 
people to implement these programs in a manner that complies 
with all laws and the Constitution and strikes the right 
balance between protecting their safety and their privacy. I 
know others on the panel have brief statements to make, and 
then we are all ready to answer any questions you may have.
    Thank you.
                              ----------                              


    Mr. Goodlatte. Thank you, Mr. Cole.
    Mr. Litt, welcome.

                 TESTIMONY OF ROBERT S. LITT, 
          OFFICE OF DIRECTOR OF NATIONAL INTELLIGENCE

    Mr. Litt. Thank you, Mr. Chairman, Mr. Ranking Member.
    We appreciate your having this hearing. We think it is very 
important to correct some of the misimpressions that have been 
created about these activities, which, as the Deputy Attorney 
General explained, are entirely lawful and appropriate for 
protecting the Nation.
    In my opening statement, I would like to make three related 
points about the Foreign Intelligence Surveillance Court. The 
first is that the activity that this court regulates, which is 
the acquisition of foreign intelligence for national security 
purposes, was historically outside of all judicial supervision. 
In fact, courts have held that the Fourth Amendment does not 
require a warrant at all for the conduct of surveillance for 
foreign intelligence purposes.
    FISA was passed in 1978 and at that time established for 
the first time a requirement that we get a judicial order in 
order to conduct certain kinds of foreign intelligence or 
counterintelligence activities within the United States. But at 
the time FISA was passed, it was clear that the Congress did 
not intend that FISA would cover electronic surveillance 
directed at non-U.S. persons outside of the United States for 
foreign intelligence purposes.
    And as you noted in your opening statement, because of 
technological changes in the way international communications 
are carried, over time more and more such surveillance--that is 
to say foreign intelligence surveillance directed at non-U.S. 
persons outside of the United States--more and more of that 
began to fall within the technical definitions that required 
FISA court approval, even though that was not what Congress had 
intended.
    So, in the FISA Amendments Act, Congress set up the 
procedure of Section 702, which the Deputy Attorney General 
described, to provide a degree of judicial supervision over 
some kinds of foreign intelligence surveillance of foreigners 
outside the United States. Properly viewed then, Section 702 is 
not a derogation of the authority of the FISA court, but an 
extension of the court's authority over a type of surveillance 
that Congress originally had not intended would be subject to 
the court at all.
    The extent to which this Nation involves the courts in 
foreign intelligence surveillance goes well beyond what is 
required by the Fourth Amendment and I think beyond what other 
countries require of their intelligence services.
    The second point I want to make is to forcefully rebut the 
notion that some have advanced that the FISA court is a rubber 
stamp. It is true that the court approves the vast majority of 
applications that the Government presents to it. But that does 
not reflect any lack of independence or lack of care on the 
part of the court.
    Quite the contrary, the judges of the court and their full-
time professional staff review each application carefully, ask 
questions, and can request changes or limitations. And an 
application is not signed unless and until the judge is 
satisfied that the application complies with the statute and 
the Fourth Amendment.
    And these are some of the best and most experienced Federal 
judges in the country, and they take seriously their twin 
obligations to protect national security and to protect 
individual rights.
    Finally, we agree with the Ranking Member and the Chairman 
that we should strive for the maximum possible transparency 
about the activities of the court, consistent with the need to 
protect sensitive sources and methods. We have been working for 
some time to declassify the court's opinions to the extent 
possible.
    But legal discussions and court opinions don't take place 
in a vacuum. They derive from the facts of the particular case. 
And I want to quote here from Judge Walton, who is now chief 
judge of the FISA court, who said in a letter to the Senate 
Intelligence Committee.
    ``Most FISC opinions rest heavily on the facts presented in 
the particular matter before the court. Thus, in most cases, 
the facts and legal analysis are so inextricably intertwined 
that excising the classified information from the FISC's 
analysis would result in a remnant void of much or any useful 
meaning.''
    That is an excellent and pithy summary of the challenge we 
face in trying to declassify these opinions. Of course, as you 
know, we do provide copies of all significant opinions of the 
FISC to the Judiciary and the Intelligence Committees of both 
houses. And I can tell you that in light of the recent 
disclosures, we are redoubling our efforts to try to provide 
meaningful public insight into the rulings of the FISA court, 
again to the extent we can do that consistent with the need to 
protect our intelligence activities.
    With that, Mr. Chairman, I am glad to answer any questions 
that you have.
    Thank you.
                              ----------                              


    Mr. Goodlatte. Thank you, Mr. Litt.
    Mr. Inglis, welcome.

     TESTIMONY OF JOHN C. INGLIS, NATIONAL SECURITY AGENCY

    Mr. Inglis. Good morning, sir.
    Mr. Chairman, Mr. Ranking Member, Members of the Committee, 
thank you for the opportunity to join with my colleagues here 
today from the executive branch to brief and discuss with the 
Committee issues that you have identified in your opening 
remarks. I am privileged today to represent the work of 
thousands of NSA, intelligence community, and law enforcement 
personnel who employ the authorities provided by the combined 
efforts of the Congress, Federal courts, and the executive 
branch.
    For its part, NSA is necessarily focused on the generation 
of foreign intelligence. But we have worked hard and long with 
counterparts across the U.S. Government and our allies to 
ensure that we discover and connect the dots, exercising only 
those authorities explicitly granted to us and taking care at 
once to ensure the protection of civil liberties and privacy.
    In my opening remarks, I would like to briefly review the 
two NSA programs leaked to the media a little more than a month 
ago, their purpose, and the controls imposed on their use--the 
so-called 215 program authorizing the collection of telephone 
metadata and the so-called PRISM program authorized under 
Section 702 of the Foreign Intelligence Surveillance Act 
Amendment.
    Let me first say that these programs are distinguished, but 
complementary tools with distinct purposes in oversight 
mechanisms. Neither of the programs was intended to stand 
alone, delivering singular results that tells the whole story 
about a particular threat to our Nation or its allies.
    Useful intelligence, the kind decision-makers should use as 
the foundation of thoughtful action, is usually the product of 
many leads--some of which focus and sharpen the collection of 
additional data, some of which help connect and make sense of 
that data, and the sum of which is intended to yield the 
decisive and actionable conclusions that enable timely and 
precise employment of traditional instruments of national 
power, such as law enforcement and diplomacy.
    The first program, which we undertake under Section 215 of 
the PATRIOT Act, as you heard described earlier today, 
authorizes the collection of telephone metadata only. It does 
not allow the Government to listen to anyone's phone calls.
    The program was specifically developed to allow the U.S. 
Government to detect communications between terrorists who are 
operating outside the United States and who are communicating 
with potential operatives inside the United States, a gap 
highlighted by the attacks of 9/11. In a phrase, this program 
is designed and solely focused on the seam between foreign 
terrorist organizations and the U.S. homeland.
    However useful the data might be that is acquired under 
this program for other purposes, its use for any other purpose 
is prohibited. The metadata acquired and stored under this 
program may be queried only when there is a reasonable, 
articulable suspicion, one that you can describe and write 
down, based on specific facts that a selector, which is 
typically a phone number, is associated with a specific foreign 
terrorist organization.
    During 2012, we only initiated searches for information in 
this dataset using fewer than 300 unique identifiers. The 
information returned from these searches only included phone 
numbers, not the content, the identity, or location of the 
called or calling party.
    Under rules approved by the court, only 22 people at NSA 
are allowed to approve the selectors used to initiate the 
search in this database. All queries are audited. Only 7 
positions at NSA, a total of 11 people, are authorized to 
release the query results believed to be associated with 
persons in the United States.
    Reports are filed with the court every 30 days that specify 
the number of selectors that have been approved and the 
disseminations made to the FBI of reports that contain numbers 
believed to be in the U.S.
    The Department of Justice conducts onsite review of the 
program every 90 days. The executive branch, the Department of 
Justice, reports to the court and the Congress on renewal 
orders every 90 days, with an update on types of records 
sought, received, or denied on an annual basis.
    The second program, which we operate under Section 702 of 
the FISA--the Foreign Intelligence Surveillance Act--authorizes 
the collection of communications for the purpose of foreign 
intelligence with the compelled assistance of electronic 
communications service providers, sometimes called 
telecommunications providers. Under this authority, NSA can 
collect communications for foreign intelligence purposes only 
when the person who is the target of our collection is a 
foreigner who is at that moment outside the United States.
    As you have heard earlier, we cannot use this authority to 
intentionally target any U.S. citizen or other U.S. person, any 
person known to be in the United States, a person outside the 
United States if our purpose in targeting that person is to 
acquire information from a person inside the United States. 
This program has been key to our counterterrorism efforts. More 
than 90 percent of information to support the 50 disruptions 
that you will hear my colleague from the FBI briefly describe 
came from Section 702 authorities.
    A bit more about oversight. The oversight on these programs 
operates under controls both internal and external to NSA, 
including actions taken by the Department of Justice, the 
Office of the Director of National Intelligence. There are 
regular onsite inspections and audits. There are semi-annual 
reports provided to the Congress and the Foreign Intelligence 
Surveillance Court.
    The men and women at NSA are not simply committed to 
compliance with the law and the protection of privacy and civil 
liberties, but they are actively trained and must be held 
accountable to standards for that performance. This is also 
true of contractors. The actions of one contractor should not 
tarnish all contractors because they also do great work for our 
Nation.
    In concluding, I would note that our primary responsibility 
at the National Security Agency--not alone, but across the 
Federal Government--is to defend the Nation. These programs are 
a core part of those efforts. We use them to protect the lives 
of Americans and our allies and partners worldwide.
    Over 100 Nations are capable of collecting signals 
intelligence or operating a lawful intercept capability like 
the one you are hearing described today. I think our Nation is 
amongst the very best in protecting privacy and civil 
liberties.
    We look forward to the discussions that you have encouraged 
today, but I also appreciate that this discussion takes place 
at an unclassified level. I especially appreciate that the 
Committee Chairman and the Committee have allowed for the 
possibility that we might have classified discussions in an 
appropriate setting because the leaks that have taken place of 
classified information have constituted an irresponsible and 
real damage to the capabilities that we will describe today.
    Finally, whatever choices are made by this Nation on the 
matter before us, in consultation and collaboration across the 
three branches of Government, I assure you that NSA will 
faithfully implement those choices in both spirit and 
mechanism. To do otherwise would be to fail to take the only 
oath that we take, to support and defend the whole of the U.S. 
Constitution. That includes the protection both of national 
security and civil liberties.
    And sir, I look forward to your questions.
                              ----------                              


    Mr. Goodlatte. Thank you, Mr. Inglis.
    Ms. Douglas, welcome.

                TESTIMONY OF STEPHANIE DOUGLAS, 
                  FBI NATIONAL SECURITY BRANCH

    Ms. Douglas. Thank you, and good morning, Chairman 
Goodlatte, Ranking Member Conyers, and Members of the 
Committee. And thank you for an opportunity to be here today.
    As you know, NSA and FBI enjoy a unique relationship, one 
which has been invaluable since the events of 9/11. The 
authorized tools available under the business records 215 and 
FISA 702 complement many of the other investigative tools we 
apply to our national security cases.
    Together with human sources, physical surveillance, and 
other logical investigation, 215 and 702 play a role in 
providing us a more full understanding of our risks and gives 
us an opportunity to proactively address national security 
threats. I would like to give you just a few examples of where 
these tools have played a significant role, specifically in 
counterterrorism investigations.
    And the first case I want to note is one that is very 
familiar to this Committee, and that is of Najibullah Zazi. In 
early September 2009, NSA, using their authorities under 702, 
intercepted a communication between an al-Qaeda courier located 
in Pakistan and an unknown U.S. person--U.S.-based person. This 
U.S.-based person was inquiring about efforts to procure and 
use explosive materials, and there was some urgency in his 
communication.
    NSA advised the FBI as to this communication, as it 
represented a potential imminent threat to the homeland. Based 
on the nature of the threat information, the FBI initiated a 
full investigation and submitted a national security letter to 
identify the subscriber. The subscriber came back to an 
individual named Najibullah Zazi located in Denver, Colorado.
    Additionally, NSA ran a phone number identifiable with Mr. 
Zazi against the information captured under 215. NSA queried 
the phone number and identified other Zazi associates. One of 
those numbers came back to Adis Medunjanin, an Islamic 
extremist located in Queens, New York.
    The FBI was already aware of Mr. Medunjanin, but 
information derived from 215 assisted in defining Zazi's 
network and provided corroborating information relative to 
Medunjanin's connection to Zazi. Just a few weeks after the 
initial tip by NSA, both Zazi and Medunjanin were arrested, 
along with another co-conspirator. They were charged with 
terrorist acts and a plot to blow up the New York City subway 
system.
    As you already know, the Zazi case was the most serious 
threat to the homeland since 9/11. The importance of the Zazi 
case is that it was initiated on information provided by NSA, 
which they acquired under 702, their coverage of an al-Qaeda 
operative overseas. Without this tip, we can only speculate as 
to what may have happened.
    This was a fast-paced investigation and one in which time 
was of the essence. The combined tools of 702 and 215 enabled 
us to not only begin the investigation, but to better 
understand the possible network involved in an active plot to 
the homeland.
    I would like to also represent one case to you specific to 
the business record 215 authority. In 2003, the FBI initiated a 
case on an individual identified as Basaaly Moalin. It was 
based on an anonymous tip that he was somehow connected to 
terrorism.
    In 2004, the case was closed without sufficient information 
to move forward on the investigation. However, 3 years later, 
in October 2007, NSA provided a phone number to the FBI with an 
area code which came back to an area consistent with San Diego. 
NSA found this phone number was in contact with an al-Qaeda 
East African-affiliated person.
    Once provided to the FBI, we initiated an investigation, 
submitted a national security letter for the subscriber of the 
phone number, and determined that it was Mr. Moalin, the 
subject of the previously closed case. Subsequent investigation 
led to the identification of others, and to date, Moalin and 
three others have been convicted of material support for 
terrorism.
    The relevance of this case to 215 is that if that 
information had not been tipped to the FBI, it is unknown if we 
would have ever looked at Mr. Moalin again.
    As you know, there are many other instances of the use of 
these authorities and their application to counterterrorism 
investigations.
    Thank you, and I am happy to answer your questions
                              ----------                              


    Mr. Goodlatte. Thank you, Ms. Douglas.
    And I will begin the questioning. With regard to the point 
raised by the Ranking Member with regard to declassification, I 
just want to say that with regard to the Section 702 
surveillance of noncitizens of the United States outside the 
United States, I think there would be few Americans who would 
be surprised that our Government engages in intelligence 
gathering with regard to those individuals.
    And they would know it even more clearly by looking at the 
statutes and the amendments to the statutes that have been 
passed over the years, that this type of activity is clearly 
authorized in the law.
    With regard to 215, there is some controversy about whether 
this particular program is authorized under the law. And you 
will hear more about that shortly, and I will have a question 
myself. But my first question to you is why would it not have 
made sense--given the magnitude of this program, I am, frankly, 
surprised it has remained secret until recently for the several 
years that it has.
    Why not simply have told the American people that we are 
engaging in this type of activity in terms of gathering the 
information? It doesn't give away any national security secrets 
in terms of the particular information gathered that might lead 
to successes like the one just described by Ms. Douglas. But it 
might have engendered greater confidence in the public with 
regard to understanding how the program works and public 
support for it.
    Mr. Cole, Mr. Litt, would you care to answer that?
    Mr. Litt. Sure. The problem is that I think that a judgment 
was made that to disclose the existence of this program would, 
in fact, have provided information to people who were seeking 
to avoid our surveillance, that it would tell them that we are 
looking for the communications they are having with Americans, 
and we are using that as a basis of tracking them and 
identifying their confederates within the United States.
    And so, the judgment was made a number of years ago when 
this program was started that it should be kept classified. It 
was not, of course, withheld from the oversight Committees in 
Congress. And as others have noted, briefings on it were 
offered to all Members of Congress before it was reauthorized. 
But the decision was made that this is the sort of sensitive 
source and method that we don't want to disclose.
    Mr. Goodlatte. Do you think a program of this magnitude, 
gathering information involving a large number of people 
involved with telephone companies and so on, could be 
indefinitely kept secret from the American people?
    Mr. Litt. Well, we tried.
    Mr. Goodlatte. I understand. [Laughter.]
    So let me ask a follow-up question to you and Mr. Cole, and 
that would be how exactly does Section 215's wording authorize 
the Government to operate a program for the collection of 
metadata? Can you walk the Committee through the Government's 
interpretation of the statute that lends itself to arguing that 
you can do metadata collection?
    Mr. Cole. Certainly, Mr. Chairman. I think you have to 
start with the fact that when you look at 215 and the orders 
that the court issues under 215, there are two of them. You 
can't look at them separately. You have to look at how they 
interact and operate together.
    And I think that is very, very important in understanding 
how this is relevant to an investigation concerning these 
terrorist organizations. You can't just wander through all of 
these records. There are very strict limitations on how you can 
access or how you can use these under what is called the 
primary order.
    You have to have reasonable, articulable suspicion that a 
specific phone number, which they call a selector, is involved 
with one of these specified terrorist organizations. And then, 
and only then, after you have documented that reasonable, 
articulable suspicion can you query this database to find out 
what other phone numbers that specific terrorist-related phone 
number has been in contact with.
    Mr. Goodlatte. Let me follow up on that question because 
how is the collection of all of a telephone company's telephone 
metadata relevant to a foreign intelligence or international 
terrorism investigation, an investigation?
    Mr. Cole. It is only relevant to the extent that you need 
all of that information in order to do the query of the 
reasonably articulated suspicion.
    Mr. Goodlatte. Well, certainly, the acquisition of the type 
of information collected under this program is relevant to an 
investigation of an individual or group suspected of terrorism. 
But how do you and how does the FISC rationalize the collection 
of all of the data as being relevant to an investigation?
    Mr. Cole. There are two main reasons. One is the length of 
time that these records are kept by the phone companies varies, 
and they may not keep them as long as we keep them under this 
program. The court allows us to keep them for a 5-year period.
    The phone companies don't necessarily do that. The periods 
vary, and some can be as short as 15 or 18 months.
    Mr. Goodlatte. Mr. Inglis, with regard to Section 702, what 
happens if you incidentally collect information from a U.S. 
person? Can you explain how the minimization procedures apply 
to that, and what do you mean by minimization?
    Mr. Inglis. Yes, sir. There are court-approved rules that 
we call minimization procedures. What they do is they say that 
if in targeting a foreign person under 702 who you believe to 
be in a foreign location to derive foreign intelligence, and 
you discover that you have also collected a communication that 
involves a U.S. person. They might be the person who has 
received that communication from your person of interest. They 
might be the person who sent that communication. They might be 
referenced in that communication.
    We have an obligation to first examine whether or not that 
communication is pertinent to foreign intelligence. If the 
communication is pertinent to foreign intelligence, then we 
must take further action to essentially protect the identity of 
that U.S. person unless knowledge of that identity is important 
pursuant to the foreign intelligence purpose.
    We would, therefore, suppress the identity of that U.S. 
person in any report that we would make that focused on the 
target of our interest, and we would take action if that 
communication was not of foreign intelligence relevance to 
essentially destroy that communication in place.
    Mr. Goodlatte. How long do you retain information collected 
under 702? And you may have just answered it, but is the 
incidentally collected information about U.S. persons retained 
as well?
    Mr. Inglis. Yes. So the incidentally collected information, 
unless it is relevant to a foreign intelligence purpose or it 
is evidence of a crime or imminent death or injury to a person, 
you would destroy that on site at that time.
    Mr. Goodlatte. And other information, how long is that 
retained?
    Mr. Inglis. We would otherwise retain that for about 5 
years. Typically in our holdings, under BR FISA, the 
information is mandatorily destroyed at 5 years. For most of 
the rest of our collection, 5 years is the reference frame. We 
found that over time at about the 5-year point, it loses its 
relevance simply in terms of its temporal nature.
    Mr. Goodlatte. Thank you.
    My time is expired. The Chair recognizes the gentleman from 
Michigan, the Ranking Member Mr. Conyers, for 5 minutes.
    Mr. Conyers. Thank you, Chairman Goodlatte.
    There are a couple of questions here that haven't come up, 
and I would like to direct them to Attorney Douglas. If only 
relevant conversations can be secured under Section 215 of the 
PATRIOT Act, then why on earth would we find now that we are 
collecting the names of everybody in the United States of 
America who made any calls for the last 6 years or more?
    Ms. Douglas. Sir, we are not collecting names. 215 only 
collects phone numbers, the time and date of the phone call, 
and the duration of the phone call.
    Mr. Conyers. Well, how do you consider that to be relevant 
to anything if there is just collecting only the names--I mean, 
look, if this is an innocent pastime that we just do to keep 
busy or for some other reason, why on earth would we be 
collecting just the names--just the numbers of everybody in the 
United States of America for at least 6 years?
    Ms. Douglas. I can speak to the application against 
investigations. And in this case, for 215, it would be specific 
to counterterrorism investigations. That information enables us 
to search against connections to other--if there is 
communication between a U.S.-based phone number and a phone 
number that is overseas that is related to terrorism.
    And I know that Mr. Inglis explained to you the reasonable, 
articulable suspicion standard by which we have to actually 
search against those phone numbers.
    Mr. Conyers. Well, here we are faced with the fundamental 
problem in this hearing. We are not questioning access. We are 
talking about the collection in the first instance.
    In the first instance, when you collect the phone numbers 
of everybody in the United States for over 6 years, there 
wasn't anything relevant in those conversations. Now you have 
them, and what I have been getting out of this is that they 
may--this access may become valuable, Mr. Ranking Member, and 
so that is why we do it this way.
    But I maintain that the Fourth Amendment, to be free from 
unreasonable search and seizure, means that this metadata 
collected in such a super-aggregated fashion can amount to a 
Fourth Amendment violation before you do anything else. You 
have already violated the law, as far as I am concerned. And 
that is, in my view, the problem.
    And of course, to help further document, the first question 
that the Chairman of this Committee asked is why didn't we just 
tell everybody about it is because the American people would be 
totally outraged, as they are getting now as they become 
familiar with this, that every phone number that they have ever 
called is already a matter of record. And we skip over whether 
the collection was a Fourth Amendment violation. We just say 
that the access proved in one case or two that it was very 
important, and that is why we did it this way.
    I see this as a complete failure to take and--you know, we 
changed the PATRIOT Act to add relevancy as a standard because 
of this very same problem that has now been revealed to be 
existing. And so, I feel very uncomfortable about using 
aggregated metadata on hundreds of millions of Americans, 
everybody, including every Member of Congress and every citizen 
who has a phone in the United States of America.
    This is unsustainable. It is outrageous and must be stopped 
immediately.
    Mr. Inglis. Sir, if I may complement the answer that Ms. 
Douglas gave? With respect to the question of relevance, of 
course, it must be legally relevant, and it must, therefore, 
have operational relevance. I would like to address the 
operational relevance and then defer to my colleagues from----
    Mr. Conyers. Well, you don't--wait a minute. We are 
holding--we are handling this discussion.
    I asked her. Maybe somebody else can do it, but my time has 
expired. And I appreciate your volunteering to help out here, 
but it is clear to me that we have a very serious violation of 
the law in which the Judiciary Committee deliberately put in 
the issue of relevance, and now you are going to help me out 
and defer to somebody else. Well----
    Mr. Inglis. No, sir. I meant to actually provide additional 
information. I would be happy to take the question for the 
record if time is not allowing that.
    Mr. Conyers. Well, in all fairness----
    Mr. Goodlatte. Without objection, the gentleman is 
recognized for an additional minute to allow another member of 
the panel to answer the question if he so chooses.
    Mr. Conyers. No, I don't so choose. I am satisfied exactly 
what I have gotten from the witness that I asked the question 
to.
    Mr. Goodlatte. The Chair thanks the gentleman.
    Mr. Conyers. You are welcome.
    Mr. Goodlatte. And now recognize the gentleman from 
Wisconsin, Mr. Sensenbrenner, for 5 minutes.
    Mr. Sensenbrenner. Well, Mr. Chairman, at the risk of 
having the flag thrown at me for piling on, I want to get at 
the whole business of who decides what is relevant. Both the 
Chairman and the Ranking Member have said that the PATRIOT Act 
was amended in 2006 to include a relevance standard.
    Yesterday, I got a letter from the Justice Department, 
which was at great length explaining this, and I would ask 
unanimous consent that this letter be placed in the record at 
this time.
    Mr. Goodlatte. Without objection, it will be made a part of 
the record.
    [The information referred to follows:]
    
    
    
    
    
    
    
    


                               __________
    Mr. Sensenbrenner. Part of that letter said that, in 
effect, that all of the phone calls, meaning the telephony 
metadata, had to be collected pursuant to the court order, and 
then it would be up to the security apparatus to make a 
determination of which needles in that large haystack were 
relevant to a foreign terrorist investigation.
    Now doesn't that mean that instead of the court making a 
determination of relevance, it is the security apparatus that 
makes a determination of what is relevant and which of the less 
than 300 series of phone calls get picked out, according to 
your testimony? Mr. Cole, would you like to answer that?
    Mr. Cole. Yes, Mr. Sensenbrenner, I am happy to address 
that. What the court does is it sets out a framework and a set 
of rules that we must follow to implement its orders.
    Mr. Sensenbrenner. But they don't determine which specific 
phone calls are relevant pursuant to the statute. You do that.
    Mr. Cole. Well, we report to the court periodically on the 
implementation of this. We get it re-upped every 90 days when 
there are----
    Mr. Sensenbrenner. But you do that. The court does not.
    Mr. Cole. We--the court does not----
    Mr. Sensenbrenner. Now if there was a criminal trial 
involved, it would be the court that would be determining a 
relevance standard pursuant to subpoena or for proffered 
evidence, wouldn't it?
    Mr. Cole. Not necessarily, Mr. Sensenbrenner.
    Mr. Sensenbrenner. Okay. Well, then let me continue on 
this. You know, I have been the author of the PATRIOT Act and 
the PATRIOT Act reauthorization of 2006. Mr. Conyers was 
correct in saying why the relevance standard was put in, and 
that was an attempt to limit what the intelligence community 
could be able to get pursuant to Section 215.
    It appears to me that according to this letter and 
according to the testimony of FBI Director Mueller, that 
relevant was an expansion of what could happen rather than a 
limitation when the law was amended, when relevant was not 
included in that statute. And doesn't that make a mockery of 
the legal standard because you are trying to have it both ways?
    Mr. Cole. I don't think we are trying to have it both ways.
    Mr. Sensenbrenner. Well, you sure are because you are 
saying get--authorize, have the court authorize to get us the 
records of all the phone calls that are made to and from phones 
in the United States, including people who have nothing to do 
with any type of a terrorist investigation.
    And then what you are saying is, is that we will decide 
what to pick out of that massive maybe a billion phone calls a 
day on what we are looking at, rather than saying this person 
is a target. Why don't you get an authorization only for that 
person's telephone records?
    Mr. Cole. Again, going to the analogy of the criminal 
context, we would never in a grand jury situation or in an 
investigation that is a traditional criminal investigation even 
go to a court for the framework or the setting of rules or have 
sunsetting every 90 days of the authority or having compliance 
procedures----
    Mr. Sensenbrenner. But, Mr. Cole, with all due respect, the 
letter that I got from the department that you are the number-
two person in says that you get the FISA court order because 
there are ``reasonable grounds to believe that the data is 
relevant to an authorized investigation to protect against 
international terrorism,'' as Section 215 requires, even though 
most of the records in the dataset are not associated with 
terrorist activity.
    So you gobble up all of those records, and then you turn 
around and say, well, we will pick out maybe 300 phone numbers 
out of the billions of records that you have every day, and you 
store for 5 years there, and all the rest of this stuff is 
sitting in a warehouse, and we found out from the IRS who knows 
who wants to have any kind of illegal access to it.
    You are having it both ways. Let me tell you, as one who 
has fought PATRIOT Act fights usually against the people over 
on the other side of the aisle, Section 215 expires at the end 
of 2015, and unless you realize you have got a problem, that is 
not going to be renewed. There are not the votes in the House 
of Representatives to renew Section 215, and then you are going 
to lose the business record access provision of the PATRIOT Act 
entirely.
    It has got to be changed, and you have to change how you 
operate Section 215. Otherwise, in the year and a half or 2\1/
2\ years, you are not going to have it anymore.
    And I yield back.
    Mr. Goodlatte. The Chair thanks the gentleman and 
recognizes the gentleman from New York, Mr. Nadler, for 5 
minutes.
    Mr. Nadler. Thank you.
    The problem, obviously, Mr. Cole, with what we are hearing 
from this panel and what we have heard generally about the 
relevant standard is that everything in the world is relevant. 
And that if we removed that word from the statute, you wouldn't 
consider or the FISA court wouldn't consider that it would 
affect your ability to collect metadata in any way whatsoever, 
which is to say you are disregarding the statute entirely.
    Now in public briefings, including to this Committee when 
we were considering reauthorization of Section 215, 
Administration officials have suggested that we view the 
authority of Section 215 as similar to a grand jury subpoena. 
And we specified in the statute that an order under Section 215 
``may only require the production of a tangible thing if such 
thing can be obtained'' through a grand jury subpoena.
    Now can you give me, Mr. Cole, any examples where grand 
jury subpoenas were used to allow the bulk ongoing collection 
of telephone metadata?
    Mr. Cole. It is difficult to go into specific examples of 
what grand jury subpoenas call for----
    Mr. Nadler. Are there any such----
    Mr. Cole [continuing]. Because those are subject to the 
rules of secrecy under Rule 6.
    Mr. Nadler. Oh, come on. Are there any--are there any 
instances in the history of the United States that you know of 
where a grand jury subpoena said get every--get all information 
other than the content of a telephone call of all telephone 
calls in the United States or anything like that?
    Mr. Cole. The admonition in the statute is that it is the 
types of records that are collected by grand jury subpoena, not 
that it is an identical process to the grand jury process 
because this is quite different from a grand jury process.
    Mr. Nadler. All right. The type of data----
    Mr. Cole. The FISA court involves----
    Mr. Nadler. Excuse me. The type of data--the type of data 
is metadata unlimited to specific individuals.
    Mr. Cole. The type of data is metadata and that----
    Mr. Nadler. Unlimited to specific individuals because it is 
directed to everybody. Can you give--it is directed to every 
phone call in the United States. Can you give me any example 
where a grand jury subpoena has ever been used for anything 
remotely like that?
    Mr. Cole. These are instances where we have gone to the 
court under the 215 requirements with the relevancy----
    Mr. Nadler. You are not answering my question. Can you give 
me any example in the history of the United States where a 
subpoena, a grand jury subpoena was used for anything remotely 
resembling all metadata not to specific phones or to specific 
individuals?
    Mr. Cole. Grand jury subpoenas have a different function 
than a 215 under the PATRIOT Act----
    Mr. Nadler. I understand that. But the statute says----
    Mr. Cole. It is hard to equate the two, Mr. Nadler.
    Mr. Nadler. You are not answering my question. You are 
deliberately not answering. We know they have a different 
function. But the statute says that it may only require the 
production of a tangible thing if such a thing can be obtained 
through a grand jury subpoena.
    Could you obtain through a grand jury procedure all 
metadata without being limited to specific named individuals or 
specific listed telephones?
    Mr. Cole. I think it would depend on the circumstances, the 
limitations that the court would----
    Mr. Nadler. Okay. Is there is any instance in history----
    Mr. Cole [continuing]. The nature of the investigation, and 
then, yes, I think there are instances where a court in the 
right circumstances could authorize that.
    Mr. Nadler. And could you give me any instance in history 
where that has ever been done?
    Mr. Cole. I am not aware of one, sitting here right now.
    Mr. Nadler. You are not aware of one. Could you supply us, 
please, with any instance because I believe this is totally 
unprecedented and is way beyond the statute. And you can't give 
me any instance because it doesn't exist.
    So within a week or two, could you supply this Committee 
with that information?
    Mr. Cole. Depending on the restrictions of Rule 6 of the 
Criminal Rules of Procedure, which prohibit disclosing grand 
jury information, we will take that record back for response--
that question back for response.
    Mr. Nadler. And can you give us an example where ongoing 
bulk collection has been allowed by virtue of grand jury 
subpoena without a showing of the connection between those 
tangible things and a specific existing investigation?
    Mr. Cole. Well, in this instance, we are showing it as a 
relationship to a specific investigation and specific phone 
number. We have to show reasonable----
    Mr. Nadler. No, only for use of that information, not for 
collection of it.
    Mr. Cole. Well----
    Mr. Nadler. The statute is talking about collection. You 
are trying to confuse us by talking about use.
    Mr. Cole. But the collection is only there and is only 
valuable if it is used, and the use is severely restricted----
    Mr. Nadler. We are not talking about the use. The abuse of 
the statute, the abuse of civil liberties, the abuse of privacy 
is not only misuse, but miscollection. If you are collecting 
information about my telephone when you shouldn't be doing 
that, that is an abuse, even if you just simply file that and 
never use it.
    Mr. Cole. We go to the court and describe to them exactly 
how the program will work, what the limitations are----
    Mr. Nadler. Well, that--excuse me. That doesn't help me. 
The fact that the----
    Mr. Cole. The court authorizes us to do this collection.
    Mr. Nadler. Let me ask the question. The fact--the fact 
that a secret court, unaccountable to public knowledge of what 
it is doing, for all practical purposes unaccountable to the 
Supreme Court, may join you in misusing or abusing the statute 
is of no comfort whatsoever. So to tell me that you go to the 
FISA court is irrelevant if the FISA court is doing the same 
abuse of the statute.
    So, again, can you give me some examples where ongoing bulk 
collection--I am not asking about use--has been allowed by 
virtue of grand jury subpoena without showing of a specific 
connection--without showing the connection between those 
tangible things and a specific existing investigation?
    Mr. Goodlatte. The time of the gentleman has expired. Mr. 
Cole will be allowed to answer the question.
    Mr. Cole. We will take that similarly as a question for the 
record, and again, depending on the Rules of Criminal 
Procedure, we will see what we can get back to you, sir.
    Mr. Nadler. And be aware, of course, that you could give it 
to us on a classified basis so that we could say our 
conclusions about that information.
    Mr. Goodlatte. The time of the gentleman has expired.
    The gentleman from North Carolina, Mr. Coble, is recognized 
for 5 minutes.
    Mr. Coble. Thank you, Mr. Chairman.
    Lady and gentlemen, good to have you all with us today.
    Mr. Cole, let me start with you. Does the Fourth Amendment 
protection against unreasonable search and seizure apply to 
business records that could be obtained under 215 of the 
PATRIOT Act?
    Mr. Cole. In particular, Mr. Coble, it does not apply to 
the metadata records. There is a case, Smith v. Maryland, where 
the Supreme Court ruled that these kinds of records, there is 
no reasonable expectation of privacy. So there is no Fourth 
Amendment protection.
    Mr. Coble. Let me follow up with another question. So does 
a person then have a reasonable expectation of privacy in 
third-party business records?
    Mr. Cole. People generally do not when they are in third-
party hands because other people already have them. So the 
expectation of privacy has been severely undermined.
    Mr. Coble. Is it true that a 215 order provides greater 
privacy protection than does a grand jury or administrative 
procedure--or administrative subpoena, which can be used to 
obtain the same types of business records in a criminal 
investigation without prior court approval?
    Mr. Cole. Yes, it does. There are a number of provisions in 
215 that provide much greater protection than a grand jury 
process would. First, you have to go to a court. The court has 
to specifically review the program and the description of the 
relevance of these records, how they will be accessed, how they 
will be overseen, how there will be auditing, how there will be 
reporting on it, how there will be compliance with all of the 
rules of the court.
    None of that takes place in the grand jury context.
    Mr. Coble. Mr. Cole, if the Fourth Amendment applies to 
foreign countries, do other American protections under the Bill 
of Rights apply, such as the Second Amendment under the due 
process clause?
    Mr. Cole. Not necessarily, sir. The Fourth Amendment 
applies to U.S. persons who are outside of the United States, 
but it generally does not apply to non-U.S. persons who are 
outside of the United States.
    Mr. Coble. Mr. Cole, for the benefit of the uninformed, and 
sometimes I feel I am in that category, describe for the 
Committee the makeup of the FISA court, who sits on it, where 
it resides, and how it operates.
    Mr. Cole. The FISA court is made up of judges, Article III 
judges, who have been nominated by the President. They cover 
any number of different Administrations. They have been 
confirmed by the United States Senate for a life appointment. 
They have their regular duties as District Court judges.
    They are appointed by the Chief Justice of the United 
States to serve a term on the FISA court. There are 11 of them 
at any given time when you have a full complement. Each of them 
serves for a week at a time. They do not take care of their 
other court duties back in their home districts. They come and 
serve on the FISA court for that week, handling the 
applications.
    There is a staff there as well that helps them and goes 
through it and is their clerks and some of their legal research 
assistants in this matter, and these last for, I believe, a 
term of 7 years that each judge can sit on the court.
    Mr. Coble. And I believe you, Mr. Cole, or one of the 
members of the panel may have indicated this. That to some 
extent, there is confusion as to the number of denials. There 
has been criticism leveled at the court, indicating very few 
denials. But I think you addressed that or one of you addressed 
that earlier in your comment. Do you want to add to that?
    Mr. Cole. Yes, the level of denials is very similar to the 
same level of denials, which is small, for normal Title III in 
a criminal context--wiretap applications that are made to 
judges in regular courts. These are also done in chambers and 
with one party.
    And the reason that the number is so low, first of all, is 
under the FISA, you have to have either the Attorney General or 
myself, or the Assistant Attorney General for the National 
Security Division, sign off on the application, very high-
ranking officials in the department. So those applications are 
done very carefully in the first place.
    Number two, the court, if they are not satisfied with an 
application that comes in, will tell us, and they will say you 
need more information. You need more restrictions. You need 
more requirements. So we will respond to that, and unless we 
satisfy them on all of their requirements, they will not sign 
the application. But more often than not, we can go back and 
find the additional information that they will need.
    So there is something of an iterative process, but it is 
not unlike what goes on with a normal court every day in the 
Title III or the wiretap process.
    Mr. Coble. Thank you, Mr. Cole.
    Mr. Chairman, I see my amber light. I would like to make 
one final statement. And this may not be the day for it, but 
Mr. Chairman, at some point, I would like to know the cost that 
has been expended in implementing this matter. If you would 
concur with that, I will pursue that at a later date.
    Mr. Goodlatte. I do concur with that. That is a very 
important piece of information to have, but I believe that is 
classified and would entail the subsequent hearing that I 
anticipate we will have in a classified setting where we can 
get answers to questions like that.
    Mr. Coble. I thank you, Mr. Chairman.
    And good to have you all with us. I yield back, Mr. 
Chairman.
    Mr. Goodlatte. The Chair thanks the gentleman and 
recognizes the gentleman from Virginia, Mr. Scott, for 5 
minutes.
    Mr. Scott. Thank you.
    Mr. Cole, did I understand you to say that you do not have 
an expectation of privacy on your phone records?
    Mr. Cole. The Supreme Court ruled in Smith v. Maryland that 
you do not have a sufficient expectation of privacy in the 
phone records, as we have talked about it. The two----
    Mr. Scott. Okay. That is fine.
    Ms. Douglas, you indicated that you do not--you just get 
the numbers, not the names. Is there--if the numbers are 
relevant under whatever standard you are using, why are not the 
names equally relevant?
    Ms. Douglas. Well, the names are not collected in the 
metadata.
    Mr. Scott. Well, where is the limitation? If you can get 
the numbers, why can't you get the names?
    Ms. Douglas. Well, we can through other legal process, and 
that is what the FBI will do. And so, if we receive a phone 
number----
    Mr. Scott. No, I mean why don't you get it all at once? 
Where is the statutory limitation?
    Mr. Litt. If I can answer the question here, I think that 
this indicates the fact that as the Deputy Attorney General 
said that this program is carefully set up in such a manner----
    Mr. Scott. Where is the----
    Mr. Litt [continuing]. As to minimize the invasion of 
privacy. One of the reasons----
    Mr. Scott. Where is the statutory limitation?
    Mr. Litt [continuing]. This program is found reasonable is 
the fact that the collection is very limited. The access is 
very limited.
    Mr. Scott. Okay, okay.
    Mr. Litt. And it is on that basis the court has approved 
the collection.
    Mr. Scott. You have made up. That is because you have made 
up the program. I asked you a specific question where if this 
is available, where is the statutory limitation to what you can 
get? There is no statutory limitation. You are kind of making 
it up as you go along.
    Mr. Litt. We are not making it up. We are seeking the 
approval of the court, and this collection----
    Mr. Scott. Okay. What----
    Mr. Litt [continuing]. Has been repeatedly approved by 
numerous judges of the FISA court, found to be in compliance 
with the statute.
    Mr. Scott. Okay. Once you get the information, we know 
through the recent case on DNA, once you get DNA from somebody, 
you can use it in ways that you could not have obtained the 
information. But once you get it, you can run it through, no 
probable cause or anything, through the database.
    My question is once you get this metadata, where is the 
limitation on what you can use it for?
    Mr. Litt. It is in the court's order.
    Mr. Scott. Where is the statutory limitation?
    Mr. Litt. The court--the statutory limitation says that we 
can acquire the information as ordered by the court. The court 
sets limits on what we can do with it, and we adhere to those 
limits.
    Mr. Scott. Well, is there a limit in criminal 
investigations or an exception for criminal investigations 
without a probable cause?
    Mr. Litt. With respect to information obtained under 
Section----
    Mr. Scott. Once you have got the metadata, can you run a 
criminal investigation without probable cause?
    Mr. Litt. The metadata can only be used in pursuit of a 
terrorism investigation, and the only thing that is done with 
that is that telephone numbers are generated out of it for 
further investigation. It cannot be used for a criminal 
investigation unrelated to terrorism.
    Mr. Scott. Wait a minute. You are talking about 
minimization?
    Mr. Litt. The court's order provides that we can only use 
this data for purposes of a terrorism investigation.
    Mr. Scott. Well, how does the court get to--why is the 
court required to place that limitation on it?
    Mr. Litt. Because the court looks at the application that 
we are submitting and determines that with all of the 
restrictions that are imposed here, this is a reasonable method 
of collecting this information and that it complies with both 
the statute and the Fourth Amendment.
    Mr. Scott. Is there an exception under minimization for 
criminal investigations? Section (g) minimization procedures 
(2)(c) says that ``notwithstanding subparagraphs (A) and (B), 
procedures that allow for the retention and dissemination of 
information that is evidence of a crime which has been, is 
being, or about to be committed, and that is to be retained or 
disseminated for law enforcement purposes'' are exempted from 
the minimization requirements.
    Mr. Litt. The procedures applicable to this kind of 
collection allow it only to be used on the terms specified by 
the court, and that is limited to generating the kind of 
information that you----
    Mr. Scott. Well, is that----
    Mr. Litt [continuing]. Talked about in pursuit of a 
terrorism investigation.
    Mr. Scott. Okay. And so, the minimization exception for 
criminal investigations doesn't apply? If you trip over some 
criminal, some crimes----
    Mr. Litt. We are not allowed to use this database for a 
criminal investigation unrelated to terrorism.
    Mr. Scott. Well----
    Mr. Cole. Mr. Scott, I think there may be some confusion--
--
    Mr. Scott [continuing]. Then that is not what the code 
section says, but if that is what you want, maybe we need to 
change it. Does exclusionary rule apply? If you trip over some 
crimes and try to use it, does it--and including the principle 
of the poison tree, evidence of a poison tree, does that apply? 
Do those exclusions apply to stuff you may trip over that you 
have gotten through this?
    Mr. Litt. We don't have the ability to trip over it in 
this. All this data is, is a series of telephone numbers and 
other identifiers. The only thing we can use this data for is 
to submit to the pool of data a telephone number or other 
identifier that we have reason to believe, based on articulable 
facts, is associated with terrorism. We can then say what 
numbers has that been in contact with?
    Any other further investigation has to be done under some 
other authority.
    Mr. Scott. Well, you have--Mr. Chairman, I apologize, but 
the limitation, the minimization exception for a criminal 
investigation, and when I asked the Attorney General Gonzales 
about what you could use this information for, he specifically 
indicated criminal--it is (g)(2)(C) under minimization 
requirements procedures.
    He specifically said you could run a criminal investigation 
without the necessity, implying without the necessity of 
probable cause that you usually need to do to get information.
    Thank you, Mr. Chairman.
    Mr. Goodlatte. The Chair thanks the gentleman and 
recognizes the gentleman from Alabama, Mr. Bachus, for 5 
minutes.
    Mr. Bachus. Thank you.
    Let me start by saying I am satisfied, at least from what 
limited knowledge I have, that the motivation behind this was 
legitimate and necessary for our national security to start 
this process, establishment of a court. And that from your 
testimony you have not, apparently not abused individual 
rights, and you have been an effective tool for terrorism.
    But my concern is this could evolve into something that is 
quite different. The Star Chamber, I mean, in England started 
out as very good, very popular with the people. It allowed 
people to get justice that otherwise would not. But it evolved 
over time into a powerful weapon for political retribution by 
the king.
    And my question is, in fact, I was reading the Supreme 
Court. It said it symbolized disregard of basic individual 
rights. They talk about actually the right against self-
incrimination was a direct result of what happened in England 
when this court evolved into something quite different from 
what it was intended to do.
    So my first question to all of you is how do we--how do we 
keep this from evolving into a weapon, an unchecked weapon by 
the Government to violate people's constitutional rights? And I 
am more concerned about Americans' rights, not terrorists' 
rights.
    Mr. Cole. I think you raise a very excellent point, and I 
think the way this is designed, to make sure that all three 
branches of Government are involved, that this isn't just the 
king or the administration or an executive branch doing it. 
This is something that is done with permission of the court and 
supervision of the court, with rules laid down by the court to 
make sure it comports with the Constitution and the privacy 
rights of U.S. citizens.
    It is done through statutes that are passed by this body, 
where we report back to this body and tell you what we have 
done with it and how it works and let you know what problems we 
have had and how we have fixed them. And it is also done with a 
lot of oversight within the executive branch, with Inspectors 
General and a number of different executive branch agencies 
that audit and oversee exactly how it is done and make sure it 
is done right.
    I think that is how.
    Mr. Litt. If I can just emphasize one point on that? This 
Committee has a very important role in ensuring that these 
authorities are not abused. We are required to report 
extensively on all activities under FISA to the Intelligence 
and Judiciary Committees of both houses, and we do that. We 
provide--we are required to provide copies of all significant 
opinions. We are required to provide reports about how these 
activities are carried out.
    And we welcome your participation in that oversight to 
ensure that, in fact, we don't cross the bounds that the people 
want us to adhere to.
    Mr. Bachus. Anyone else? You know, when I learned about 
this, I was not aware of it at all, and I think the original 
response was that 14 Members of Congress knew something about 
this. Were those reports erroneous? Did----
    Mr. Litt. I can't speak to what Members actually knew. I 
can tell you what we did to inform Members.
    At the time when this legislation was first up for renewal 
in 2009-2010, we provided a classified letter to the 
Intelligence Committees that described this program in great 
detail.
    Mr. Bachus. How about the Judiciary Committee?
    Mr. Litt. The letter was provided to the Intelligence 
Committee. The Intelligence Committee, my understanding is, 
sent an all-Member letter saying that this is available to all 
Members. This was our intention.
    We also offered classified briefings to Members of this 
Committee, and I recall participating in one of those 
briefings. And in fact, the letters were also referenced in a 
statement on the floor by a Member of the Intelligence 
Committee, saying these letters are available, and I urge you 
all to come and read them. So we were not trying to hide this 
program.
    Mr. Bachus. Do you have any objection to the court opinions 
and periodic reports being made available to all Members of 
Congress?
    Mr. Litt. I think we would have to take that back. I think 
the answer is probably no, but I think we would have to think 
about the implications of that.
    Mr. Bachus. Sure, and I think that is my response would be 
I want to think about it.
    Mr. Goodlatte. The time of the gentleman has expired.
    Mr. Bachus. Thank you.
    Mr. Goodlatte. The gentlewoman from California, Ms. 
Lofgren, is recognized for 5 minutes.
    Ms. Lofgren. Well, thank you, Mr. Chairman, and thanks to 
our witness.
    I was thinking back to September 11th, one of the worst 
days I have ever spent in the Congress, and remembering that 
that weekend, after the attack, that members of the White 
House, the intelligence community, Members of this Committee 
and our staff, sat right at that table. We sat around that 
table and worked together to craft the PATRIOT Act.
    And it is worth remembering that that original act was 
passed unanimously by the House Judiciary Committee, and it had 
the balance that we thought was important to protect the 
country, but also looking forward to protect the rights of 
Americans under the Constitution. And I share the concern 
expressed by Mr. Sensenbrenner that things have gone off in a 
different direction from that day.
    Now I, as my colleague has indicated from Alabama, I don't 
question your motivation, which is to keep America safe. I 
mean, I know that that is what you are trying to do, and 
certainly we all want that.
    But the concern is that the statute that we crafted so 
carefully may not be being adhered to as envisioned by us and 
as reported to us. And I just want to say this. I mean, yes, we 
have a system where there are checks and balances, but part of 
that is that the legislative branch needs to have understanding 
of what the executive branch and the judicial branch is doing, 
and we can't do that without information.
    It has been discussed that we get these ample reports. And 
I just want to--I just recently reviewed the annual report on 
Section 215. Is it true, Mr. Cole, or isn't it true that the 
annual 215 report to the Committee is less than a single page 
and not more than 8 sentences?
    Mr. Cole. I think that the 215 annual reports are quite a 
bit less than the 702 annual reports.
    Ms. Lofgren. I just ask the question. Is that about the 
size, is it your recollection?
    Mr. Cole. I would have to go back and take a look to answer 
specifically.
    Ms. Lofgren. All right. Is it true that the report of the 
number of applications really gives the Committee information 
as to the amount of records and the number of entities 
impacted?
    Mr. Cole. I am sorry?
    Ms. Lofgren. The number of applications, is there a direct 
correlation between the number of entities impacted by those 
applications or the number of records?
    Mr. Cole. The number of entities impacted will depend on 
how many phone numbers have been called by the selector.
    Ms. Lofgren. Right. So you could report the number of 
applications, but it would have no relationship to the amount 
of records actually acquired?
    Mr. Cole. It would not necessarily, no. But you can imagine 
it is small.
    Ms. Lofgren. Thank you very much.
    I just--looking at this letter that was sent to Mr. 
Sensenbrenner, and I thank him for sending it out. And by the 
way, he and I have sent a letter to Attorney General Holder and 
to Director Clapper asking that U.S. companies be authorized to 
publish information regarding the Government request for user 
data under FISA.
    I think it is terribly unfair that these companies that are 
being discussed around the world have no capacity legally to 
say what has been asked of them. So I know the letter was just 
sent. I would ask that you respond to that as promptly as 
possible just out of basic fairness to the companies involved.
    But going back to the letter, it seems to me that if you 
take a look at page 2 of the letter, the second paragraph, it 
indicates that NSA has reported in the last calendar year fewer 
than 300 unique identifiers. This means that only a very small 
fraction of the records is ever reviewed by any person and is 
actually relevant to the records. Per se, that sentence 
indicates that getting all the data is clearly not relevant to 
a specific inquiry.
    And then if you go on to the next page, and this really 
gets to my question and you have referred to it in the 
testimony as well, the consistency allegedly with the 
Constitution--now it is true that the Constitution in the Smith 
case indicated that there is no expectation, reasonable 
expectation of privacy with information held by third parties. 
Is it your position that that constitutional provision trumps a 
statute?
    Can the Congress say the Constitution would allow you to 
capture every phone record, every photograph taken of an 
American at an ATM machine because that is in plain sight and 
that that constitutional provision would trump the ability of 
Congress to say, no, we are going to authorize less?
    Mr. Cole. No. As long as whatever Congress does is 
consistent with or within the bounds of the constitutional 
provision----
    Ms. Lofgren. So Congress can do less?
    Mr. Cole [continuing]. They can do that. Certainly.
    Ms. Lofgren. Can do less. I would just like to say that as 
to the FISA court, and I am sure that the judges take their 
obligation as seriously as you do. But the whole system of our 
justice system is set up in an adversarial way. And when you 
have only one party there, you don't have a counterparty making 
a case before the court.
    The expectation that our system will work well, as it does 
in other environments, I think is misplaced. I share with Mr. 
Sensenbrenner the belief that this will not be able to be 
sustained. I look forward, Mr. Chairman, to our classified 
briefing, but I think that very clearly this program has gone 
off the tracks legally and needs to be reined in.
    And I thank the Chairman for yielding to me.
    Mr. Goodlatte. The Chair thanks the gentlewoman and 
recognizes the gentleman from Virginia, Mr. Forbes, for 5 
minutes.
    Mr. Forbes. Thank you, Mr. Chairman.
    And ladies and gentlemen, thank you for being here today.
    I don't want to scream at you or yell at you, but you know 
we have got a lot of people across the country that would like 
to do that. And the reason this room is packed so much today 
and people were waiting in long lines is not just about this 
program. They kind of feel their country is shifting, and they 
feel, rightly or wrongly, that this Administration has adopted 
the philosophy that somehow the end justifies the means.
    They feel like that more than any Administration in history 
this is an Administration that has used taxpayer resources to 
advocate their political agendas. They feel like more than any 
Administration in history, this is an Administration that has 
decided which laws they want to obey, which ones they want to 
ignore, and which ones they want to just rewrite.
    They feel like more than any Nation in history, this is an 
Administration that has used enormous power of Government 
agents to oppress and harass U.S. citizens like they have seen 
with the IRS. And now they see this Administration using this 
unprecedented amount of data collection, first in their 
campaigns and then in Government, on amounts of data to use for 
the aforementioned goals.
    And they don't know, every time they see a Benghazi, they 
don't know how many more boards they are going to pull up, and 
there is one that they don't know about or IRS programs that 
they pull up and they don't know another one that they might 
see and that there are other data programs that they don't know 
about.
    And this is something that I just don't think we realize 
enough because over and over again, we hear Administration 
coming over here and saying this to us. They say, well, this 
isn't illegal, and you need to change the law.
    And we need to emphasize part of this Committee is just 
because something is not illegal, it doesn't mean that it is 
not wrong. And when we look at something, you have got a 
difficulty because you can't even really come in here and 
explain what this program does. You can't tell us how many 
people are involved with it. You can't tell us the cost. You 
can't tell us what the court is saying.
    But this is my question for you. There has to be an 
enormously large number of individuals administering this 
program. Can you tell us if any of those individuals have 
abused the power that they have within this program that has 
not been disclosed to the Congress or the American people, one? 
Because it would be hard for us to believe that there hasn't 
been some abuses.
    Number two, what is your process for collecting that 
information to make sure those abuses don't take place, and how 
do you distribute that information? And three, has anybody ever 
been disciplined for abusing that information?
    And any of you who have that information, I would love for 
you to offer it to us.
    Mr. Cole. Let me if I can, Mr. Forbes, start by answering 
the questions that you have put. First of all, I think it is 
important to note that this program has been going on across a 
number of Administrations, and it is not unique by any means to 
this Administration. It has been for prior Administrations, 
too.
    It is also done pursuant to court authorization and 
pursuant to statute, and so it is done not as some rogue 
matter, but as some matter that, in fact, has been authorized 
by law, authorized by the courts, and carefully scrutinized. 
And that gets to the main part of the question that you have 
asked, which is we know of no one--and I can let Mr. Inglis 
expand on that--who has ever intentionally or in any kind of 
wrongful way abused this.
    There may have been technical problems that have happened 
here and there, but there has been nobody who has abused this 
in a way that would be worthy of or cause discipline. This 
program goes under careful audit. Everything that is done under 
it is documented and reviewed before the decision is made and 
reviewed again after these decisions are made to make sure that 
nobody has done the things that you are concerned about 
happening.
    And those are valid concerns, and we take them into account 
by having these audit procedures and having the reporting that 
we do and the consultation both with the court and with 
Congress to make sure that those things don't happen. We have 
not, to my knowledge, disciplined anybody for this because our 
controls make sure this doesn't happen. But we do look for it 
and we look for it hard, and we haven't found it.
    Mr. Inglis. Sir, if I can just--I concur with Mr. Cole's 
remarks. Say across my time, I have been the Deputy Director 
now for 7 years, there have been no willful abuse of the 215 or 
the 702 program. In fact, the Senate Select Committee on 
Intelligence in the summer of 2012 said that in a formal report 
that in a 4-year review that they had detected no willful abuse 
of the 702 program.
    I would say how would those be identified? In much the same 
way that Mr. Cole talked about. That there are a number of 
processes that review the formation of the selectors, the 
results generated by those selectors not just at NSA, but 
between NSA and the Department of Justice and the court, and 
there are any number of opportunities then to turn up a 
misappropriation of the resources dedicated to this program for 
some other purpose.
    And would those persons who abused this program then be 
disciplined? Of course, they should be.
    Mr. Forbes. And my time is expired. And I don't mean to cut 
you off, but I would love to have your responses for the 
record.
    But when you guys tell me nobody has abused it, I thought 
Mr. Snowden abused it pretty badly. And I can't imagine if we 
had somebody like that doing it that we don't have at least 
that capacity. But I would love to have your responses for the 
record because I don't want to abuse other people's time.
    And Mr. Chairman, I yield back my time.
    Mr. Goodlatte. Mr. Inglis, if you care to respond to the 
gentleman from Virginia's comment about Mr. Snowden, we would 
be happy to have it.
    Mr. Inglis. I would be happy to take that question for the 
record but would say here for the record that we do not have 
any evidence that Mr. Snowden abused the program as we have 
defined it today. He may have abused his trust in disclosing 
classified details of that program.
    Mr. Forbes. But in all due respect--and I said I wasn't 
going to yell at you, and I am going to try not to. But that is 
exactly what the American people are really worried about, that 
somebody is getting their data and using it to disclose it in 
some other situation. And for the life of me, I don't 
understand how you guys parse that issue that is there.
    So, Mr. Chairman, that is what is infuriating the American 
people. They are understanding that if you collect this amount 
of data, people can get access to it and use it in ways that 
can harm them, not just the United States of America. And that 
is what is concerning them, I think, in a lot of areas.
    So, Mr. Chairman, I hope we can get a more elaborate 
response maybe for the record on that.
    Mr. Inglis. We would be happy to provide a response for the 
record, sir.
    Mr. Goodlatte. The Chair thanks the gentleman and 
recognizes the gentlewoman from Texas, Ms. Jackson Lee, for 5 
minutes.
    Ms. Jackson Lee. Let me thank you very much.
    And I think it is important to make sure that as those of 
us who represent Americans, we appreciate what the intelligence 
community does. But the very idea that the Chairman and Ranking 
Member has held this hearing and that you are having any number 
of hearings, I think the issue is that we have to do something. 
We have to do more to be able to ensure the trust of the 
American people, and I raise these questions in the context of 
that.
    One point that our Ranking Member made that if we cannot 
prove the necessity of this megadata collecting, then why are 
we necessarily doing it? And then we join with the Chairman 
that says it must show value, but we must also have the premise 
and the respect for the civil liberties of the American people.
    So I pose the first question that deals with the idea that 
witnesses have testified in recent hearings that the phone 
record data were queried 300 times last year. How do you define 
a query, and how do you define the necessity of what I call 
trolling? And someone wanted to have me rephrase that. But the 
gathering of millions and millions of megadata gathering, how 
do you define query first, but then how do you justify that 
gathering?
    Mr. Inglis. Yes, ma'am. I will take that question. So, 
first, the court has approved procedures by which we can form a 
selector, and the reasonable, articulable suspicion standard 
was what we described earlier. And less than 300 times in 2012, 
we approved a selector for entering the database.
    The court also approves what is called----
    Ms. Jackson Lee. So the query is based upon permission by 
the FISA court?
    Mr. Inglis. Yes, ma'am. The FISA court approves the rules, 
but as we have described in this hearing, the decisions about 
how to form those selectors are made at the National Security 
Agency and subject to auditing and review.
    Ms. Jackson Lee. So the query is made without a warrant. 
You go by criteria that has been set, and then you make a query 
and a preliminary oversight, if you will. Is that what you are 
saying?
    Mr. Inglis. That is correct, ma'am. And can I just then add 
that the court has also given permission to do not just first 
hop analysis, meaning what numbers are in contact with that 
selector, but to then from those numbers go out two or three 
hops. In many of the cases that Ms. Douglas referenced earlier, 
it was at the second hop. It was at that second connection that 
something of interest came that then caused the Federal Bureau 
of Investigation to apply their resources to essentially 
uncover or add additional information to terrorist activities.
    Ms. Jackson Lee. Once you do the query out of the 300, then 
what are the next step?
    Mr. Inglis. So that query, when it is returned, can be a 
first hop query or a second or a third hop query. That 
information is then reviewed by the National Security Agency 
analyst, and a report would be written and disseminated to the 
Federal Bureau of Investigation if we see something that would 
be of interest to them.
    In many cases when a query is performed, nothing of 
consequence turns up. No connections that are untoward turn up. 
Therefore, no report would be made. But when----
    Ms. Jackson Lee. Let me ask Mr. Cole. Thank you very much.
    Let me ask Mr. Cole when does the DOJ become engaged? The 
FBI, of course, is the investigatory arm. What is the DOJ's 
oversight role more specifically? And how do you utilize the 
FISA court?
    And as you do that, I have introduced bipartisan 
legislation dealing with the whole issue of the FISA court. It 
specifically asks for the release and the reporting of 
nonclassified opinions, which I think would contribute more to 
the trust of the American people. Would the Justice Department 
consider that? As you answer the question.
    Mr. Cole. Thank you, Ms. Jackson Lee.
    Certainly, we will consider that and work with you in 
regard to that.
    The Justice Department's involvement here is to first make 
sure that the provisions of the statute in making the 
application to the court meet the standards that have been set 
out under law. So we are in the process of the application and 
making sure through legal advice that this, in fact, meets the 
standards set out by the statute as passed by Congress.
    We also engage with the court for any questions that the 
court may have as to how this will be done, what kind of 
oversight will be done, what kind of limitations will be 
imposed. So that we end up with what is a court-authorized 
system, as described by Mr. Inglis, where we go and make those 
and have NSA make that determination. We will----
    Ms. Jackson Lee. Mr. Cole----
    Mr. Cole [continuing]. Audit as well the determinations on 
a random basis to make sure that they are in compliance with 
what the court has ordered. And if they are not in compliance, 
we will then report that to the court and then oversee, with 
the court's supervision, fixing those compliance issues to make 
sure that they do comply.
    Ms. Jackson Lee. Let me interrupt you so I can just get 
this last question in to Mr. Inglis. Mr. Inglis--thank you very 
much.
    Mr. Inglis, let me just put this question out. We have had 
a release of data and a suggestion that the release that has 
been given by an individual that is now traveling around the 
world has a dastardly impact on knowing the system of 
collection of data, in the person of Mr. Snowden.
    Can you speak generally to the idea of the impact, and can 
you also express the reason for 70 percent of the intelligence 
budget being used for contractors? I offer to you 2434 that is 
asking for a study for that, a bill that I have introduced. But 
I would like to know those two questions quickly, please.
    Mr. Inglis. Yes, ma'am. On the first question, I would say 
that the impact associated with Mr. Snowden's disclosures can 
be very, very harmful. It is too soon to tell whether, in fact, 
adversaries will take great note of the things that he has 
disclosed. But those capabilities, sensitive capabilities give 
them a playbook as to how they would avoid, right, the time and 
attention of the U.S. foreign intelligence and, for that 
matter, domestic intelligence organizations. So we are very 
concerned about that.
    Mr. Litt would like to take the second question on 
contractors.
    Mr. Litt. Yes, on the question about contractors, it is 
important to differentiate between two kinds of contractors. 
When we--when Lockheed Martin or somebody builds a satellite 
for us, that is a contractor. And so, when you talk about 70 
percent of the budget being contractors, and I don't know that 
number offhand, but I will assume it is accurate, that includes 
all the contracts for building of satellites, for rental of 
space, and so on and so forth.
    There is another category of contractors, which we call 
core contractors, which are the people who work in the building 
side-by-side with us. We have been working very hard to reduce 
the number of core contractors. I think in the last 5 years, we 
have reduced it by 36 percent.
    Obviously, as a result of what has happened recently, we 
are looking again at whether certain categories of employees 
should not be contractors but should be made Government 
employees.
    Ms. Jackson Lee. Mr. Litt, we have had this discussion 
before.
    Mr. Goodlatte. The time of the gentlewoman has expired.
    Ms. Jackson Lee. I think you need help, and I would like to 
work with you on the legislation.
    Thank you, Mr. Chairman. I would like to work with Mr. Litt 
to get that done and get that more----
    Mr. Goodlatte. The time of the gentlewoman has expired.
    Ms. Jackson Lee. I yield back.
    Mr. Goodlatte. The gentleman from Iowa, Mr. King, is 
recognized for 5 minutes.
    Mr. King. Thank you, Mr. Chairman. I appreciate this 
hearing and the testimony of the witnesses.
    And I would first turn to Mr. Litt. And if I remember in 
your opening statement, you made mention that there wasn't 
restriction on foreign intelligence surveillance prior to 1978 
and the FISA court. Am I correct on that?
    Mr. Litt. Yes, there was no judicial involvement.
    Mr. King. And I would submit that every Nation that I know 
of does foreign surveillance, and I don't know of other Nations 
that have judicial interference with the national security 
activity of foreign surveillance. And are you aware of any?
    Mr. Litt. I can't speak for every Nation, but I think, 
generally speaking, you are correct that other Nations do not 
have their courts involved in foreign intelligence activities.
    Mr. King. So we are relatively unique in that, and neither 
do I understand why we would be concerned about the privacy or 
I will say the manufactured constitutional rights of foreign 
persons in foreign countries communicating with other foreign 
persons in foreign countries. I don't know why we would worry 
about their privacy.
    And I don't know why we would worry about their privacy if 
there is a nexus that might happen to be in the United States, 
provided it didn't interfere with the rights of a U.S. person. 
Would you agree with that?
    Mr. Litt. Well, I think from the point of view of the 
Constitution, it is correct that as the Deputy Attorney General 
said, that foreigners generally aren't protected by the 
Constitution. It is, nonetheless, true that we don't go out 
indiscriminately even as to foreigners. We only collect 
intelligence that has a valid foreign intelligence purpose.
    Mr. King. Yes, I understand the decency of the American 
people, but are we safer when we have judges deciding what we 
can surveil in foreign countries when there are foreign 
persons?
    Mr. Litt. I think that we have found that the operation of 
FISA so far has allowed us to collect the foreign intelligence 
that we need to collect to protect the Nation.
    Mr. King. And I am hearing that. Just another way of asking 
questions about this. The phone companies collect a lot of 
data, and it was mentioned that you like to keep that data for 
5 years, the metadata. But some only keep it for a year and a 
half.
    If an agreement could be reached with the phone companies 
to maintain that data for a 5-year period of time, the duration 
that you request, wouldn't that be a firewall that would be 
more reliable than having to have the facility to restore all 
that data. Mr. Inglis?
    Mr. Inglis. Yes, sir. A reasonable question, and I think 
that there are some challenges that could be overcome. The 
first is that those companies collect that data for their own 
business purposes, not necessarily for the Government's.
    And so, to rely upon what they hold themselves, there would 
have to be some basis by which you could either compel them or 
have some confidence that over time----
    Mr. King. A contractual agreement perhaps?
    Mr. Inglis. Pardon, sir?
    Mr. King. A contractual agreement perhaps?
    Mr. Inglis. Contractual agreement, possibly some liability 
protection. I will leave the legal framing of that to those who 
do statute and policy.
    Two, you would have to have some confidence that you could 
efficiently, quickly query that data.
    Mr. King. Sure.
    Mr. Inglis. And so, if you had multiple providers, upwards 
of more than two providers, you would then run pillar to post 
querying that data to----
    Mr. King. Could I ask you to take a careful look at that 
and come back to me with a--with really a serious, reasoned 
answer? You are giving me a good answer so far. I would just 
like you to dig in----
    Mr. Inglis. Yes, sir, we will. So it turns out that the 
Senate Select Committee on Intelligence, House Permanent Select 
Committee on Intelligence, and the executive branch have all 
asked us a question along those lines. We would be happy to 
provide those to you.
    Mr. King. Curious. Okay. Well, my clock is ticking down, 
but I will stick with you, Mr. Inglis.
    Now I am just going to ask this question, and it is not 
really a hypothetical, but point it out this way. And I am 
going to go through the list. So you have to check on each one, 
and I will come back if I need to.
    Do we have the ability to not necessarily listen in, but 
track every phone call in the United States? That is one 
question.
    Second one, do we have the ability to track any email in 
the United States? Do we have the ability to track Web site 
activity, any Web site activity in the United States?
    Do we have the ability to enter into active chat rooms and 
in real time monitor? Do we have the ability to track any 
electronic credit or debit transactions, including the ATM 
transaction mentioned by the gentlelady from California? Do we 
have the ability to locate cell phones that are active?
    Do we have the ability to track GPS locators, whether they 
are on vehicles or other devices? And then I know my clock is 
running down, so I want to pour a little more in here.
    It is reported by the Obama campaign that they profiled 
voters with open source data and used that data to target 
voters for turnout and voter suppression. The IRS has used 
their search engine to target the President's political 
enemies.
    Now if we can go this far, if all of these things are 
happening, if the answer is relatively yes to this list that I 
have given, then I would charge that it would be likely 
impossible to drive from Bangor, Maine, to Los Angeles without 
leaving a data trail in this country. And all of these things 
can be justified by the Constitution, by statute, by case law.
    Am I close? And how would you respond to that big question?
    Mr. Inglis. Yes, sir. If the predicate to each of those 
eight questions is ``in the U.S.'' and if the further predicate 
is ``can the NSA,'' the answer would be no to all of those 
questions. Is it technically feasible to do some of those 
things? Of course.
    And some of those things are, in fact, done by marketing 
organizations, by the telecommunications writers who attempt to 
determine the flow and the allocation of resource bandwidth to 
their resources. But the National Security Agency, as a foreign 
intelligence entity, lacks the authority and, frankly, lacks 
the collection to do the things that are on that list of eight 
questions.
    Mr. King. I would like to drill into that a little deeper 
if I had the time, but I thank you and I will yield back.
    Mr. Inglis. Sir, we would be happy to take a visit at NSA 
or come down and talk to you in whatever detail you would 
prefer.
    Mr. Goodlatte. The Chair thanks the gentleman and 
recognizes the gentleman from Tennessee, Mr. Cohen, for 5 
minutes.
    Mr. Cohen. Thank you, Mr. Chair.
    First, I would like to make a point. One of the previous 
questioners took the opportunity to attack the Administration 
and said this Administration has used the ends to justify the 
means in many areas.
    I believe, Mr. Cole, you said that all these programs 
started under the Bush administration and have not differed 
from Republican and Democrat. Is that correct?
    Mr. Cole. That is correct, sir.
    Mr. Cohen. I appreciate your clearing it up. And then to 
this question that the President and this Administration on the 
IRS, I believe it has come out that they not only looked at Tea 
Party, but they looked at liberal groups and any group that 
they felt was more than 50 percent political to look at in IRS. 
And it is wrong to question this President on those issues once 
the facts have come out to show that it was not a partisan or 
issue-driven area.
    And I find--take umbrage on behalf of the Administration at 
such questions and such allegations.
    Now let me ask you this, sir. Mr. Snowden, what security 
status did he have? He could see anything there that he wanted 
to? Was he limited in what he had access to?
    Mr. Cole. Let me put that over to Mr. Inglis.
    Mr. Cohen. Sure.
    Mr. Inglis. Mr. Snowden had a top secret special 
compartmented intelligence clearance. That is standard for 
someone in the U.S. intelligence community given access to top 
secret information.
    He, as a system administrator, had additional privileges 
that he could then set the permissions on various devices 
within the information systems, who could access things and how 
you could move data around.
    Mr. Cohen. Generally, how many people--how many people 
generally are in the same level as he was to access this 
information?
    Mr. Inglis. Across the population--and again, in this 
forum, I will be general in my description. But across the 
population numbering in tens of thousands, and you would expect 
hundreds of people would have those sorts of extraordinary 
permission, system administrator permissions----
    Mr. Cohen. So tens of thousands of people could have done 
what Snowden did?
    Mr. Inglis. No, sir. I would say that perhaps hundreds. And 
could I make a further distinction between his privileges in 
terms of what he could control?
    Like any organization, NSA has a side of its information 
architecture that is intended to make information available to 
people so that they might discover capabilities, they might 
find each other, they might pass email to each other. It is 
intended to be a free exchange of information.
    But then there is a production side that is much more 
rigorously controlled, and there is a need-to-know rule, 
philosophy on that side. Now Mr. Snowden took ruthless 
advantage of the former and did not have access to the latter, 
except in some limited circumstances in the training that he 
undertook in the last few months of his----
    Mr. Cohen. I asked in a letter, and you responded to me--I 
believe I got it last night--about the background on the 
security processing of Mr. Snowden. And I was concerned that a 
high school dropout, not that there can't be great high school 
dropouts, but it shows you can't meet certain criteria.
    Because basically finishing high school is you are going to 
jump through the loops. That guy wouldn't jump through the 
loops, and he has shown at other places he wouldn't jump 
through the hoops and he wouldn't do that. To put him in that 
type of top security level, I think, is questionable.
    But it was said that the Associate Directorate for Security 
and Counterintelligence begins the clearance process. Is any of 
the work of the Associate Directorate for Security and 
Counterintelligence contracted out, or is that all done by 
Government employees?
    Mr. Inglis. I think the determinations of whether to grant 
a clearance or not, that is an inherently governmental 
function. And so, that would be retained by Government 
employees. But in the investigation, the determination of the 
facts and circumstances associated with anyone's clearance 
determination, some of that would be contracted out.
    And I could provide the details----
    Mr. Cohen. Does it concern you at all? Should it be 
contracted out, or should that be strictly in-house?
    Mr. Inglis. There is an inherently governmental decision to 
be made in that, and that, therefore, should be withheld and 
retained inside the Government. The production of information 
in terms of conducting interviews, investigations, I think that 
some of that can be reasonably contracted out such that the 
synthesis and an examination of that is done by someone that 
has the higher trust.
    Mr. Cohen. And how did Mr. Snowden take this data with him? 
He has got certain information in Moscow with him now. How did 
he do that?
    Mr. Inglis. Sir, I don't actually know precisely how he 
took the information with him, and it is a matter of 
investigation. I think in due course, we will know, and we 
would be happy to provide that to you.
    Mr. Cohen. But he would have probably taken it on some type 
of a disk or some type of a little with him?
    Mr. Inglis. I just----
    Mr. Cohen. From a secure facility, I presume----
    Mr. Inglis. I would just be speculating. I think that that 
is possible.
    Mr. Cohen. Well, should there not be some changes in the 
procedures to make sure that people don't leave that secure 
facility with disks or anything else?
    Mr. Inglis. Mr. Cohen, I would say that we are examining 
all of that. There are some controls already in the system 
about who can download to secondary storage devices----
    Mr. Cohen. All right. Let me ask Mr. Cole. You mentioned 
that the judges come from different Administrations, the FISA 
judges. Would it surprise you to know that 10 of the 11 judges 
all came--were appointed by Republican Presidents?
    Mr. Cole. These are--it wouldn't surprise me. It wouldn't 
surprise me either way. These are selections that are made by 
the Chief Justice.
    Mr. Cohen. By the Chief Justice, who is a Republican 
appointee. And he has picked--10 of the 11 judges he has picked 
were appointed by Republican Presidents. Yet if you go back 
over history, back to Jimmy Carter, it is about the same number 
of years. There is a difference of 4 of Democratic and 
Republican Presidents. But he chose Republicans.
    Do you think there should be some change to make sure that 
there is possibly an ideological balance on that FISA court?
    Mr. Gowdy [presiding]. You can answer the question. The 
gentleman's time has expired, but you can answer the question.
    Mr. Cole. I think those are issues that we can discuss, 
that we try to take partisan politics out of the judicial 
aspect of it, and it operates, I think, best when it is 
insulated from that.
    Mr. Cohen. I thank the panel, and I thank the gentleman 
from the Palmetto State.
    Mr. Gowdy. Thank the gentleman from the Volunteer State.
    The Chair would now recognize the gentleman from Texas, 
Judge Poe.
    Mr. Poe. Thank the Chair.
    Thank you for being here.
    My background is, as the Chairman just mentioned, a judge. 
I spent 22 years at the criminal courthouse in Houston trying 
everything from stealing to killing. So I don't like criminals 
at all.
    But I have looked at the Constitution and read it, and I am 
going to just read you one thing, one phrase that all of you 
know probably by memory. It is the Fourth Amendment, ``The 
right of the people to be secure in their persons, houses, 
papers, and effects against unreasonable searches and seizures 
shall not be violated. No warrants shall issue, except upon 
probable cause, supported by oath or affirmation, and 
particularly describing the place to be seized and searched and 
the persons or things to be seized.''
    And as we all know, generally speaking, historically, 
warrants are brought to judges by law enforcement and the judge 
signs or doesn't sign the warrant, issuing the paper to go out 
and seize that person in that specific place.
    Now I have read that numerous times, and I don't see in 
here anywhere as an exception for national security. Do any of 
you see a national security exemption to the Fourth Amendment?
    Mr. Litt. There is not a national security exemption, but 
several courts have held that there is--that the warrant 
requirement of the Fourth Amendment does not extend to the 
conduct of foreign intelligence. That is not to say that the 
reasonableness requirement doesn't apply.
    Mr. Poe. Okay.
    Mr. Litt. But the warrant requirement----
    Mr. Poe. I just have a little bit of time. I understand 
your answer. We are not talking now about foreign intelligence. 
Let us set the foreign issue and terrorists overseas where they 
are running wild, set that aside.
    Let us talk about searches and seizures in the United 
States of American citizens. Question, is there a national 
security exception to the Fourth Amendment when it comes to 
American citizens in the United States? Do you see that in the 
Fourth Amendment, any of you?
    Mr. Litt. Again, there is not a national security 
exception. There is a case of the Supreme Court called United 
States v. United States District Court. It is possible to have 
foreign intelligence collection against Americans, and I offer 
you the situation of an American who is a spy for Russia. We 
can be collecting valid foreign intelligence there, even though 
that person is an American.
    It happens that the Congress, in the FISA, has established 
warrant requirements for electronic surveillance and so on.
    Mr. Poe. I understand that. But the Fourth Amendment 
doesn't give that example.
    Mr. Litt. With due respect, there are cases that say----
    Mr. Poe. Okay.
    Mr. Litt [continuing]. There is an exception----
    Mr. Poe. We are going to argue until the sun goes down. The 
Fourth Amendment doesn't mention national security exception 
when it comes to the Fourth Amendment. That has been expanded 
throughout the years because of FISA, because of court rulings, 
but it is not in the Fourth Amendment.
    And I think that we should remember that the Fourth 
Amendment was written because of what was going on with King 
George III, how he was going into people's homes in the United 
States--the Colonies in those days--and seizing things with his 
Redcoats without a warrant. That is the basis of it.
    And I hope we don't get to a point in this country in the 
name of national security that we infringe and bruise the 
Fourth Amendment. I don't know about the four of you----
    Mr. Nadler. Would the gentleman yield?
    Mr. Poe. I won't. Sorry. I don't know about the four of 
you, but I have been in the former Soviet Union when it was--we 
can't use this word anymore--Communistic. And I was there, and 
the actions of the citizens were constantly under surveillance 
by government.
    And anything that was done, the government would say we are 
doing this for national security reasons because of those bad, 
old Americans overseas. We go into your homes. We bruise the 
concept of rights all in the name of national security.
    That concerns me, and I hope, as we move forward as a 
Congress, we rein in the concept that it is okay to bruise the 
spirit of the Constitution in the name of national security.
    Question, people who have had their--the law NSA violated. 
I think Snowden, I don't like him at all, but we would have 
never known what happened if he hadn't have told us. Do they 
have a recourse against the Government for improperly seizure 
of their records? Is there a recourse?
    Mr. Gowdy. You may answer the judge's question. His time is 
expired, but you may answer the judge's question.
    Mr. Cole. It depends on the nature of that seizure, 
depending on where they came from. For example, if it comes 
from a third party, it is not necessarily their records. But 
the phone company can certainly challenge the subpoenas. And if 
it was to be used against them in a court, they would be in a 
position to be able to challenge that use.
    Mr. Poe. I thank the Chairman. I have other questions I 
would like to submit for the record for the four panelists.
    Mr. Gowdy. And I am confident that one of your colleagues 
will yield you time, Your Honor, since you have made it known 
that you want it. And if they won't, I will give you mine.
    The Chair will now recognize the gentleman from Georgia, 
Mr. Johnson.
    Mr. Johnson. Thank you, Mr. Chairman.
    Mr. Cole, to follow up on some of the principles that you 
were just talking about, are you familiar with the case of 
State v. Maryland back in 1979, U.S. Supreme Court?
    Mr. Cole. Smith v. Maryland?
    Mr. Johnson. Yes.
    Mr. Cole. Yes, I am, sir.
    Mr. Johnson. Having to do with telephone records. Is that 
correct?
    Mr. Cole. That is correct.
    Mr. Johnson. And the question was whether or not there was 
a Fourth Amendment privacy interest in telephone records held 
by the telephone company?
    Mr. Cole. That is correct. That was the issue.
    Mr. Johnson. And how did the court rule on that issue?
    Mr. Cole. The court ruled that there was no reasonable 
expectation of privacy in those records because they really 
belong to the telephone company. They didn't belong to the 
individual who they related to.
    Mr. Johnson. Now is that case applicable to the case or to 
the issue of collection of metadata?
    Mr. Cole. Yes, sir, it is.
    Mr. Johnson. All right. And so, it was the collection of 
metadata, domestic-to-domestic phone calls metadata--not 
content, but metadata. Domestic-to-domestic, domestic-to-
foreign, foreign-to-domestic. Is that correct?
    Mr. Cole. That is correct. That is the metadata that we are 
talking about here.
    Mr. Johnson. That is the program that Edward Snowden 
revealed. Is that correct?
    Mr. Cole. That is correct.
    Mr. Johnson. And he also revealed a program called the 
PRISM program. Is that correct?
    Mr. Cole. That is correct as well.
    Mr. Johnson. The PRISM program was a program that enabled 
the collection of Internet metadata, not content. Is that 
correct?
    Mr. Cole. No, that is not correct.
    Mr. Johnson. That is not correct. Okay. Explain to me what 
the PRISM program----
    Mr. Cole. PRISM, and I can defer to some of my colleagues 
if I get any of this wrong. PRISM is under the 702 provision, 
which allows collection of content, but it is only content of 
non-U.S. persons who are reasonably believed to be outside of 
the United States.
    Mr. Johnson. Okay. So that is the PRISM program which 
collects data, including content, from foreign communications, 
and then there is a minimalization process of eliminating 
domestic-to-foreign or foreign-to-domestic communications that 
were not relevant to national security. Is that correct?
    Mr. Cole. That is generally correct, or some serious 
impending death or something like that, if there is an 
emergency. But generally, that is correct.
    Mr. Johnson. Now that program, certainly we don't want our 
adversaries to know of what we are doing to watch them and to 
surveil them, foreign intelligence collection. We certainly 
don't want that to be exposed to the public?
    Mr. Cole. No, sir. We do not.
    Mr. Johnson. We need that to be kind of secret. But with 
respect to the data collection of domestic-to-domestic 
metadata, why is it necessary that the American people not know 
of that program? Why is it that that program has to be 
confidential, classified, secret?
    Mr. Cole. I wasn't there at the time that it was 
classified, but I can give a little bit of speculation. The 
more people know about the way we go about trying to identify 
terrorist networks, the more they will avoid the kinds of ways 
that we use to do that. They may start to avoid communicating 
through phones.
    Mr. Johnson. If they can't communicate through phones or 
can't communicate over the Internet, what will they do? Take a 
can on one end and put a string through it, and a can on the 
other end? Would they communicate like that?
    Mr. Cole. It may be more difficult for them to communicate, 
but they may find other ways or other mechanisms or other 
providers to do it through.
    Mr. Johnson. Well, it is always going to be a cat and mouse 
game in that regard.
    Mr. Cole. That is correct.
    Mr. Johnson. The American people, in my opinion, should 
know of the activities that affect them, the collection of 
telephone metadata is not personal information. However, the 
Government collecting this information and creating a database 
with which it can then use to investigate information that is 
acquired from foreign sources related to national security or 
terrorist act, the American people may conclude that they want 
their Government to collect that data.
    But if they don't know that the Government is collecting 
the data and then they find out after it is leaked by someone 
who thinks that it is illegal, they find out in that way and 
then they start to lose confidence in their Government. Is that 
the situation that we find ourselves in today, anyone?
    Mr. Gowdy. The gentleman's time has expired. You may answer 
the question.
    Mr. Johnson. And by the way, I am a former judge, too. 
[Laughter.]
    Mr. Gowdy. Your Honor, had I known that, I would have 
addressed you appropriately. Please accept my apologies, Your 
Honor.
    Mr. Johnson. Thank you. Thank you, Mr. Chairman.
    Mr. Cole. I think that is always the kind of issue that we 
wrestle with, which is the issue of trying to balance the need 
to protect the secrecy of some of these programs so that they 
will be effective with the need to be as transparent as we can 
about it because that is the kind of society we live in, where 
people participate in the decisions of government.
    So those are always difficult balances to find, and that is 
the one we are trying to find and we find ourselves in right 
now.
    Mr. Johnson. Thank you.
    Mr. Gowdy. Thank you, Judge Johnson.
    The Chair would now recognize the gentleman from Idaho, Mr. 
Labrador.
    Mr. Labrador. Thank you, Mr. Chairman.
    You know, I think more important than balancing those needs 
is to balance our liberties with our security, and I think that 
is what we are all concerned about today. We are looking at a 
system that is allowing the Government to collect everybody's 
metadata.
    And just recently, I had the opportunity to travel through 
a series of countries, and I won't mention which country it is, 
but I was told before I went to that country that it was a 
police state. And I had heard that term my entire life. I had 
never really understood what it meant.
    I had heard about the USSR and other Nations that were 
constantly surveilling their citizens and the people who 
visited that country, and I had never experienced what I 
experienced when I was there. Where I actually felt, literally, 
like I was being observed in very place that I went.
    And the place was very secure. The place was very safe. 
There was very little crime. There were very few things 
happening. But it was because people had given up their liberty 
in exchange for security.
    And I think that is what this Committee and I think what 
most Americans are concerned about, that we are going to give 
up our liberties in exchange for security. So I just have a few 
questions.
    Mr. Litt, you said in your introductory statement that this 
was not a rubber stamp, that the judges were not a rubber 
stamp. But I had a hard time following your argument because 
your argument seems to be that because the judges are actually 
reading the material, it is not a rubber stamp. That seems to 
be a nonsensical argument to me.
    I can either rubber stamp something by reading the material 
or not reading the material. That doesn't seem to be a 
determination of whether somebody is rubber stamping something. 
It seems to me that the difference--I was a criminal defense 
attorney. Never a judge, just a criminal defense attorney.
    Mr. Litt. There is still time, sir.
    Mr. Labrador. But no thank you. And it seems to me that 
there is always a check and balance on the power of the 
Government. Even when you go get a warrant when something 
happens, you still have an adversary on the other side who can 
contest it in court, who can contest it in hearings, who can 
contest all those things. But that is not happening in the FISA 
court.
    How can we address that?
    Mr. Litt. So I have a couple of things to say, if I would? 
On your first point about the FISC being a rubber stamp, it is 
not just that they read the opinions. I mean, the idea of a 
rubber stamp is that they don't think about it. They just say 
you are giving me this, approved. And my point is that is not 
what happens.
    They not only read it. They ask questions. They think about 
it. They push back. They do a careful study and analysis. So it 
wasn't--I didn't mean to suggest that it is only because they 
read the----
    Mr. Labrador. Okay. All right.
    Mr. Litt. On your second point, if I can just get 
philosophical for a second, this goes to one of the other 
points that I made in my opening remarks, and that is that what 
we have here is not--is the oversight of intelligence 
activities. It is not a litigation. It is not a criminal trial. 
It is not a civil trial.
    This is a situation----
    Mr. Labrador. And I understand that, but let me stop you 
there. And again, like Judge Poe did just a minute ago, I am 
not so worried about Section 702. I am not so worried about 
foreign intelligence. I am worried about you are gathering my 
information. It is my personal data that right now the United 
States has, and I am concerned about that.
    I am concerned about you having the data, the metadata of 
every single American, and I think there should be some 
mechanism for us to be able to counter whatever the--and I have 
all respect for judges. I served as a lawyer for 15 years. They 
were usually right, and I was usually wrong. At least I would 
tell them that.
    And I have a great respect for the legal system, for the 
judiciary system. But I am concerned when you don't have 
somebody on the other side, advocating for the rights of 
citizens of the United States, and it is something that we need 
to discuss here in this Committee and we need to figure out.
    Now let us go to Smith v. Maryland. Mr. Cole, you mentioned 
Smith v. Maryland. It is totally not an analogous case, I 
believe, to what we are talking about here. What in the FISA 
statute or in the PATRIOT Act allows you to collect the data of 
every single American? That is what I am not understanding.
    Because even if you follow Smith v. Maryland, you are 
talking about one individual who was suspected of committing a 
crime, and now you are telling me, and we have just recently 
learned, that we are collecting the metadata of every single 
American. And that concerns me.
    Mr. Cole. I think there are two different issues that are 
involved here. Smith v. Maryland only goes to the issue of 
whether the Fourth Amendment applies to this kind of data, not 
whether the Fourth Amendment prohibits or allows the kind of 
collection under 215. That is a separate issue, and that is 
governed by the provisions of the statute of Section 215, which 
requires that in order for a court to approve the collection 
method that is being put forth, it must have demonstrated to it 
that the data is relevant to the investigation of the specified 
terrorist groups.
    The relevance is found in the combination of the two 
orders. The limitations first, where the court says you can't 
just roam through this any time you want, for any purpose you 
want, any day you want, any time you want. That cannot be done. 
You must find reasonable, articulable suspicion that the number 
you want to query is related to one of these terrorist groups.
    Mr. Labrador. And I understand that. I believe that this 
argument, before my time has expired, but I think that 
determination has to occur before you collect the data, not 
after you collect the data. And I think that is what is wrong 
with what you guys are doing at this time.
    But I appreciate your service. I appreciate you being here 
today.
    Mr. Gowdy. I thank the gentleman from Idaho.
    The Chair will now recognize the gentlelady from 
California, Ms. Chu.
    Ms. Chu. Thank you, Mr. Chair.
    I was listening to the steps that you outlined for actually 
doing a query for the metabase, the metadata. And you were 
describing it as a way of showing what kind of constraints you 
use on this information.
    So, Mr. Inglis, I would like to ask this. It sounds to me 
like, first, you have determined that the phone numbers of all 
the American people is relevant. Then in order to actually 
query the database, you have to establish reasonable, 
articulable suspicion. And in order to do that, you have said 
that 22 people at NSA can approve the query.
    I wonder why is it that these 22 people have this power? 
They appear to be acting like court judges, and why would they 
be performing the job that the FISA courts were set up to do?
    In other words, shouldn't the agency go to a FISA court to 
seek to retrieve data from a third party's database when they 
actually have need of specified information, and who are these 
22 people?
    Mr. Inglis. So the court, in its order, has prescribed that 
particular procedure, has prescribed that those people, that 
number of people would have that authority, and that those 
people would follow court-ordered procedure and that they be 
trained to a standard, again approved by the court. And so, 
that is how we came to that particular implementation.
    Defer to Mr. Cole for any of the legal analysis under that.
    Mr. Cole. I think the only issue that I would take with how 
you describe it is by saying you first have to define or find 
that all of those records are relevant. This is a combination 
of two different court orders that come together, and they have 
to be read together as you look at this.
    So it is not just one or the other. It is a whole program 
that is put together and presented to the court with the 
limitations and the oversight and the restrictions on how it 
can be accessed. Only with all of those considered as a whole 
does the court then make the relevancy determination.
    Ms. Chu. Well, then let me continue on with the description 
that you gave with regard to how you proceed along these lines, 
which is that after they approve it, then it appears that after 
the fact you have an audit, and then you file papers with the 
court on this audit. And then the Department of Justice reviews 
it.
    Mr. Cole. It is not exactly in that order, and again, Mr. 
Inglis can correct me if I am wrong. There is the documented 
reasonable, articulable suspicion that takes place ahead of 
time. That is then reviewed again by supervisors ahead of time 
to make sure that it is being done properly and the standards 
are being applied properly.
    The query is then made. On a periodic basis, the Department 
of Justice and the Office of the Director of National 
Intelligence, the Inspector General for NSA all sample and look 
at these things to make sure that, in fact, it is being applied 
properly and that it is being done properly and that there 
aren't any misapplications of it.
    And there are periodic reports that go to the court of any 
compliance problems. We have to talk about every 90 days 
getting renewed authority. And when there are any issues that 
come up and any problems that are discovered, they are reported 
to the Congress and to the Intelligence and the Judiciary 
Committees as well.
    So there are a lot of different checks and balances and 
audits that go on, both before the query is made, as well as 
after the query is made. And if there are problems found with 
the query, then that is all fixed, and whatever is collected is 
remediated.
    Ms. Chu. Well, my concern with regard to the second half is 
that it is retroactive, and it seems that more of the 
protection should be on the first half of these steps that you 
are talking about. And are those documents with regard to your 
DOJ reviews of the queries, are those available to this 
Committee?
    Mr. Cole. I would imagine that those would probably be 
classified documents. I would have to go back and check, but 
that is--it certainly would look at the facts that we have and 
how we get them and what the nature of them is. So my guess 
would be that those would be classified.
    Ms. Chu. Are they--well, you said they were reviewed by 
Congress, but where?
    Mr. Cole. I think that the review takes place. There are 
reports that are made. When leadership of the Committee or 
other aspects of the Committee want briefings in classified 
settings, those are arranged as well.
    Ms. Chu. Okay. Well, let me ask also about the issue of 
court documents. I understand that secrecy is essential when 
conducting any intelligence investigations. But we have to 
ensure that these efforts are working within the legal 
framework of the Constitution.
    We learned earlier this week that a FISA court agreed to 
declassify documents from a 2008 case in which Yahoo! raised 
concerns about NSA's data collecting program, and other 
requests have been filed by companies that are in similar 
situations. What is the harm in releasing this type of 
information? Shouldn't the American public be informed about 
how this type of information is collected and used, and why 
couldn't you redact the information that is of security 
concern?
    Mr. Gowdy. You may answer the question. The gentlelady's 
time has expired, but you may answer her question.
    Mr. Litt. I think we all agree that that is something that 
should be done. It is difficult to do because, frequently, the 
classified information is fully intertwined with the legal 
analysis. But we recognize that it is our obligation to make as 
much of this available to the public as we can, and we are 
working as hard as we can to accomplish that.
    Ms. Chu. Thank you.
    Mr. Gowdy. Thank the gentlelady from California.
    The Chair will now recognize the gentleman from Texas, Mr. 
Farenthold.
    Mr. Farenthold. Thank you, Mr. Chairman.
    I don't know where to start here. I have got so many 
questions. I guess I will start with Mr. Cole.
    Do you see any limitation under the Fourth Amendment or the 
PATRIOT Act on the Government's power to gather information in 
mass on people?
    Mr. Cole. Yes, sir. I see very many limitations from both 
the Fourth Amendment and from the PATRIOT Act and from the FISA 
Act. There are many, many limitations that are put in and many, 
many checks and balances, both through the United States 
Congress and the courts.
    Mr. Farenthold. All right. So let us go over a couple of 
those. I assume you would have to go to the FISA court, and 
those are one of the checks and balances. Could you go to the 
FISA court and argue that you had a right to obtain, say, 
either an individual's or every American's tax return. Could 
you argue that with a straight face?
    Mr. Cole. Well, I think they----
    Mr. Farenthold. I have got a long list of them. Yes or no.
    Mr. Cole. Any individual's tax return, there are separate 
laws that cover the acquisition of tax returns.
    Mr. Farenthold. All right. So you can get tax returns. 
Could you get at somebody's permanent record from school?
    Mr. Cole. If it was relevant to the investigation, you 
could go to the FISA court and ask for that----
    Mr. Farenthold. Could you get somebody's hotel records?
    Mr. Cole. If it was relevant to the investigation.
    Mr. Farenthold. Could you get records of everybody who 
stayed in a particular hotel at any time?
    Mr. Cole. If you can demonstrate to the court that it is 
relevant to the investigation.
    Mr. Farenthold. Okay. Could you--you could get my Visa/
Mastercard records?
    Mr. Cole. If I can demonstrate to the court that it is 
relevant----
    Mr. Farenthold. All right. Could you demonstrate, could you 
argue with a straight face you could demonstrate the court to 
create a database of everybody's Visa and Mastercard, every 
financial transactions that happened in the country because 
Visa and Mastercard only keep those for a couple of years?
    Mr. Cole. Mr. Farenthold, that is all dependent on exactly 
what I am investigating and what the relevance of information 
would be and how it would be used and how it would be limited. 
All of those factors have to go into it. It is not a simple yes 
or no, black or white issue. It is a very complicated issue.
    Mr. Farenthold. Could you get Google searches?
    Mr. Cole. I am sorry, sir?
    Mr. Farenthold. Could you get all the searches I made on a 
search engine?
    Mr. Cole. Again, it would depend. I would have to make a 
showing to the court that that kind of information was relevant 
to the investigation.
    Mr. Farenthold. Could you get all Google searches and then 
come back and say we are going to search them later when we 
have got that information?
    Mr. Cole. It would depend on the way that I would be able 
to search them. And again, under 215 of these--of this statute 
that we are talking about, it is only if I can show that it is 
related to specific terrorist organizations. It is not for 
anything under the sun.
    Mr. Farenthold. Can you get the GPS data from my phone, 
too, probably?
    Mr. Cole. I am sorry?
    Mr. Farenthold. You can probably make a good argument for 
getting the GPS data out of my phones or the mappings off where 
I use on my phones, too?
    Mr. Cole. Again, there is great limitations on how I can do 
that and only if it is relevant to an investigation of those 
specific terrorist organizations.
    Mr. Farenthold. All right. But how is having every phone 
call that I make to my wife, to my daughter relevant to any 
terror investigation?
    Mr. Cole. I don't know that every call you make to your 
wife or your daughter----
    Mr. Farenthold. But you have got them.
    Mr. Cole. I don't know that they would be relevant, and we 
would probably not seek to query them because we wouldn't have 
the information that we would need to make that query.
    Mr. Farenthold. But somebody like Mr. Snowden might be able 
to query them without your knowledge?
    Mr. Cole. I don't believe that is true, but Mr. Inglis 
could answer that. I don't think he would have access to that 
or be able to do it.
    Mr. Farenthold. Okay.
    Mr. Inglis. We don't believe that he could query those 
without our knowledge, and therefore, those would be caught.
    Mr. Farenthold. All right. That is slightly reassuring.
    The Fourth Amendment specifically was designed, as Judge 
Poe pointed out, to prohibit general warrants. How could 
collecting every piece of phone data be perceived as anything 
but a general warrant?
    Mr. Cole. Because the phone data, according to the Supreme 
Court, is not something within which citizens have a reasonable 
expectation of privacy. It belongs to the phone company.
    Mr. Farenthold. So do I have a reasonable expectation of 
privacy in any information that I share with any company, my 
Google searches, the email I send? Do I have a reasonable 
expectation of privacy in anything, but maybe a letter I hand 
deliver to my wife in a skiff?
    Mr. Cole. Those are all dependent on the facts and 
circumstances of the documents we are talking about. In the 
case of metadata, the Supreme Court specifically ruled that 
there was not coverage by the Fourth Amendment because of no 
reasonable expectation of privacy.
    Mr. Farenthold. I just want to point out how concerned I am 
about this data being so easily available, and just with a 
stroke of a pen, Congress and the President could change the 
search criteria as to what is searched or change the definition 
of a terrorist or search--the fact that this data exists in the 
hands of the Government. We saw what the IRS has done with tax 
returns, targeting people for political belief.
    Let me ask you one other quick question. Why do these 
orders not violate the First Amendment? We have talked a lot 
about the Fourth Amendment, but why doesn't it violate the 
First Amendment, my right to freedom of association and my 
freedom of speech, having the Government know who I am talking 
to and when?
    Mr. Cole. Again, these are issues that are looked at by the 
court in determining whether any constitutional rights are 
involved. We don't know who it is that has a specific phone 
number that is being called under this.
    Mr. Farenthold. And you can't look that up on one page on 
the Internet?
    I yield back.
    Mr. Gowdy. The gentleman's time has expired.
    The Chair will now recognize the gentleman from Florida, 
Mr. Deutch.
    Mr. Deutch. Thank you, Mr. Chairman.
    Mr. Chairman, like many Americans, I was shocked by the 
revelations that the NSA has been secretly collecting phone 
records, Internet data on millions of Americans, thanks to a 
lawfully issued warrant approved by the Foreign Intelligence 
Surveillance Court, often called the FISA court. Many Members 
of Congress, myself included, were left completely in the dark 
about the extent of the NSA's data mining program, and I worry 
about the balance between legitimate national security needs 
and the constitutionally protected rights of all Americans.
    The Government is stockpiling sensitive personal data on a 
grand scale. Intelligence officers, contractors, and personnel 
only need a rubber stamp warrant from the FISA court to then 
learn virtually everything there is to know about an American 
citizen.
    The American people have a right to know about this program 
and at the very least know that such a program is operating 
within our system of checks and balances. And I believe 
Congress has a constitutional obligation to protect individual 
privacy rights, and I believe it is time to reexamine the 
PATRIOT Act, insert greater accountability into the FISA court, 
and ensure that our laws cannot be interpreted behind the backs 
of the American public.
    With this hearing, this Committee has begun this important 
work of oversight and repair, and I thank the Chairman and the 
Ranking Member for calling this hearing. I thank the witnesses 
as well for participating.
    Mr. Cole, I want to ask you about the October 2011 letter 
sent by then-Assistant Attorney General Ronald Weich to 
Senators Wyden and Udall regarding Section 215. The disturbing 
information that Senators Wyden and Udall learned, however, was 
classified and was, thus, kept from the American public and 
even most Members of Congress.
    Now Mr. Weich seemed to imply in his response to Senators 
Wyden and Udall that because Congress, or at least a select 
number of Members of Congress anyway, received intelligence 
briefings in accordance with the PATRIOT Act that there is no 
cause for alarm that the Government was using some sort of 
secret law, secret law to expand its surveillance activities.
    Now the PATRIOT Act was passed in response to the horrific 
attacks on 9/11, designed to bolster national security by 
expanding the investigative techniques used by the Government 
and law enforcement officials to hunt down suspected 
terrorists, something that we all agree is important. But 
Section 215 had a standard of relevance, and there had to be 
concrete information linking a person to a terrorist 
organization before the NSA could secure that person's 
information.
    Instead, what we have learned is that the FISA court has 
essentially rewritten Section 215 to say that any and all 
person's records may be considered relevant, therefore allowing 
the NSA to indiscriminately collect sensitive data on all 
Americans. The fact is in 2012, the Government made 1,789 
requests to conduct electronic surveillance. The court approved 
1,788, and the Government withdrew the other.
    Now as a Member of Congress who was not privy to those 
intelligence briefings, I had to accept Mr. Weich's assurance 
that there is no secret law. But in the aftermath of these 
recent leaks, however, it seems that there may be secret laws. 
Laws not passed by Congress. Laws not publicly interpreted by 
the Supreme Court, but rather secret laws born out of a 
classified interpretation of the PATRIOT Act by the FISA court.
    The New York Times recently reported that the FISA court 
has quietly become almost a parallel Supreme Court, serving as 
the ultimate arbiter on surveillance issues. I would point out 
with only the arguments of the Federal Government alone to be 
considered.
    Now even a former FISA judge has come forward with concerns 
that the body has become a de facto administrative agency, 
which makes and approves rules for others to follow. Now that 
it has become public that FISA courts have broadly, perhaps 
even unconstitutionally, redefined the relevance standard in 
Section 215, is it still the department's position that the 
Government isn't essentially operating with a secret playbook?
    Mr. Cole. Mr. Deutch, I don't think we are operating with a 
secret playbook. There is, again, as we have discussed in many 
instances in our hearing today, the tension that exists between 
maintaining the integrity and the secrecy of some of the 
national security investigative tools that we use and making 
sure that people know about it.
    We have, in the course of the reauthorization of the 
PATRIOT Act, on several occasions done classified briefings, 
made individual----
    Mr. Deutch. Mr. Cole, I am sorry to cut you off, but I only 
have a second left. Let me just broaden the question then for a 
second because I am speaking about these decisions that the 
FISA courts make as the supreme arbiter of this law.
    And stepping back for a moment at a more basic level, does 
the panel understand why the American people may find this 
revelation shocking, that secret court rulings could expand the 
powers of the Federal Government beyond perhaps what was 
originally authorized by law and that an entire chapter in our 
laws is being written outside of the three branches of 
Government altogether?
    Mr. Cole. I think, again, this is an area where we are 
looking to see what kinds of opinions from the FISA court we 
can make public. These are things that we are trying to do and 
trying to go through.
    All significant opinions and all significant pleadings that 
have been filed with the FISA court are made available to the 
Committees, to the Intelligence Committee and Judiciary 
Committee, so they can see them. We are not trying to keep them 
secret. We are just trying to maintain the classified nature of 
some of these.
    But these are issues that we are trying to grapple with and 
trying to determine what we can let out so that we can have 
this broader discussion.
    Mr. Gowdy. I thank the gentleman from Florida.
    The Chair would now recognize the gentleman from North 
Carolina, the former United States attorney, Mr. Holding.
    Mr. Holding. Thank you, Mr. Chairman.
    In a different professional capacity, I successfully used 
FISA warrants to investigate, disrupt, and prosecute terrorists 
and terrorist acts, and I can attest that not only are they 
effective, but there are very high burdens and hurdles to use 
FISA warrants. And they are significant.
    But I want to step for the few moments that I have outside 
of the prosecution of terrorism and investigation of terrorism 
and just talk about the use of telephone records in everyday, 
garden-variety criminal cases, whether they are public 
corruption cases, fraud cases, drug cases. And Mr. Cole, I will 
direct my questions to you.
    If you could step through for us how the Department of 
Justice prosecutors and investigative agencies obtain telephone 
records just in garden-variety cases and how they are 
ultimately used?
    Mr. Cole. There are two different ways we do it, pursuant 
to the law. Historical telephone records that exist for prior 
calls we can get with grand jury subpoenas in a normal criminal 
case. Those can be issued by a prosecutor, delivered to the 
telephone provider, and ask for a range of data.
    Mr. Holding. So no judicial involvement, just a grand jury 
involved?
    Mr. Cole. There is no judicial involvement, just the grand 
jury involvement, and the prosecutor defines the scope and the 
nature and the numbers that are involved.
    Mr. Holding. So the prosecutor could request telephone 
records going back as long as they want to, the only limitation 
being does the telephone company still have those records?
    Mr. Cole. There would be one additional limitation. The 
telephone company could challenge the subpoena as being overly 
burdensome and irrelevant to any reasonable investigation, and 
the court could take that up, which would be in a sealed 
proceeding because it is a grand jury proceeding. So it 
wouldn't be public.
    Mr. Holding. And what would the standard be that the judge 
would use to evaluate the motion to quash?
    Mr. Cole. Generally, relevance to the investigation.
    Mr. Holding. So the Fourth Amendment doesn't come into play 
there?
    Mr. Cole. Not for telephone records. It does not.
    Mr. Holding. And this is available to prosecutors, Federal 
prosecutors across the country?
    Mr. Cole. Yes, it is.
    Mr. Holding. And the only showing that they have to make to 
the grand jury is what, that it is relevant?
    Mr. Cole. That it is relevant.
    Mr. Holding. And once you have gotten the telephone records 
and it shows let us say hits between the person, the subject 
that you are investigating and a relevant other person in the 
investigation, then what do you do to start listening to those 
telephone calls?
    Mr. Cole. Well, if we wanted to listen to any telephone 
calls, and that would obviously be just telephone calls that 
would start happening into the future, we would have to go to 
the court and seek authorization under Title III of the U.S. 
Code to get a wiretap. And we would have to show probable cause 
to believe that, in fact, the person talking on the phone was 
involved in criminal activity and that through that phone they 
were discussing criminal activity. And we would obtain evidence 
of that criminal activity by listening to the calls.
    Mr. Holding. Would you hazard to make a guess of how many 
wiretaps are in use on a daily basis?
    Mr. Cole. I couldn't hazard a guess, but there are a fair 
number of them.
    Mr. Holding. Probably hundreds perhaps?
    Mr. Cole. Probably.
    Mr. Holding. As far as my friend Mr. Scott was talking 
about, if you find evidence of some other criminal conduct 
during an investigation, let us say during a Title III wiretap, 
you are investigating one crime, you hear a conversation that 
suggests that another crime is being committed, are there any 
limitations on use?
    Mr. Cole. Generally not, other than the restrictions on how 
you can use wiretap information. There are restrictions on that 
and the secrecy that is involved in those and the protection of 
innocent calls. But generally, you can use that information if 
it relates to other criminal conduct, according to the rules of 
procedure in the law.
    Mr. Holding. So in my take-away, having heard you describe 
in detail how the 215 program works and the 702 program works, 
the restrictions and the limitations on use from those two 
programs is much more restrictive and limited than what 
prosecutors and law enforcement are using on a daily basis 
throughout the United States investigating garden-variety 
crimes being committed by U.S. citizens?
    Mr. Cole. In the main, there are some differences here and 
there. For example, the burden to get a wiretap may be a higher 
burden than for 702 coverage, but it is a different burden if 
we wanted to do a FISA for somebody in the United States. That 
would be, again, a probable cause standard, but probable cause 
that they are involved in foreign intelligence.
    Mr. Holding. Thank you, Mr. Chairman. I yield back.
    Mr. Gowdy. I thank the gentleman from North Carolina.
    The Chair will now recognize the gentlelady from 
Washington, Ms. DelBene.
    Ms. DelBene. Thank you, Mr. Chair, and thank all of you for 
being here today.
    Last month, when Director Mueller appeared before this 
Committee, I stated that I agree with those who believe that 
greater transparency about the requests that governmental 
entities are making to Internet companies and providers will 
help inform the discussion that we are having on balancing 
national security with privacy rights and civil liberties.
    And one of the questions that I asked the Director was how 
the FBI and the Department of Justice will respond to the 
request by Google that it be permitted to provide reports of 
the number of FISA national security requests it receives, as 
well as their scope.
    And at the time, Director Mueller noted that this was being 
looked at. And so, I was wondering, Mr. Cole, if you are able 
to share with us what the response is to this request?
    Mr. Cole. Unfortunately, this is a matter that is currently 
before the court. It is in litigation. So I can't say too much 
about it, other than to reiterate what Director Mueller said, 
which is this is a matter that we are, in fact, looking at and 
take seriously.
    Ms. DelBene. Now we do have some data that is out there 
already because in March of this year, Google worked with--I 
believe Google worked with the DOJ and the FBI to disclose in 
broad strokes the number of national security letters that 
Google receives. Correct?
    Mr. Cole. That is correct.
    Ms. DelBene. And so, we do have some information. Do we 
know whether that information that was released has had any 
impact on national security?
    Mr. Cole. Generally, it is hard to tell unless you have a 
substantial period of time afterwards as to whether or not it 
has an impact. So we haven't had enough time yet.
    Ms. DelBene. Okay, thank you.
    The public also now knows that the telephone metadata 
collection is under Section 215, the business records provision 
of FISA, and that allows for the collection of tangible things. 
But we have also seen reports of a now-defunct program 
collecting email metadata.
    With regard to the email metadata program that is no longer 
being operated, can you confirm that the authority used to 
collect that data was also Section 215?
    Mr. Cole. It was not. It was the pen register trap and 
trace authority under FISA, which is slightly different. But it 
amounts to the same kind of thing. It does not involve any 
content. It is, again, only to and from.
    It doesn't involve, I believe, information about identity. 
It is just email addresses. So it is very similar, but not 
under the same provision.
    Ms. DelBene. And could you have used Section 215 to collect 
that information?
    Mr. Cole. Hard to tell. I would have to take a look at 
that.
    Ms. DelBene. Because I think it is important for us to know 
whether or not there is any limitations on the types of 
information within Section 215 that prevent you from collecting 
whether it is email metadata or GPS and geolocation 
information, et cetera. How broad is that authority?
    Mr. Cole. Again, it is only as broad as what the courts can 
find under 215 that is relevant. But there are different 
authorities in FISA. So we would have to look to see how those 
all work together.
    Ms. DelBene. Mr. Litt, were you going to----
    Mr. Litt. No, I was just going to say that it is important 
to remember that the 215 authority allows you to acquire 
existing records and documents, and it is limited to that.
    Ms. DelBene. Although you could argue that geolocation 
information may also be existing, and would you consider that 
to be metadata as well?
    Mr. Litt. I think that the Director of the National 
Security Agency has stated that we are not collecting that 
under Section 215 and that we will come to the Congress and 
consult with the Congress before any decision was made to do 
so.
    Ms. DelBene. But you understand it is important for us to 
know what the breadth and limitations are, as we look at 
policy. And clearly, there is some confusion here right now. So 
we need to understand how it is being used and what information 
might be being collected so we can make sure intent is 
delivered appropriately.
    So I agree with the President's view that we need to set up 
a national conversation on balancing privacy and security. But 
in order to have that conversation, have a productive 
conversation, we need information that is going to help fuel 
that conversation, information like the breadth of Section 215, 
et cetera. And so, I hope we can continue that and have--and 
get access to more information so that we can have a productive 
discussion going forward.
    And thank you for your time. I yield back.
    Mr. Gowdy. Thank the gentlelady from Washington.
    The Chair would now recognize the gentleman from Texas, 
Judge Gohmert.
    Mr. Gohmert. Thank you, Mr. Chairman.
    In answer to some of the other questions, you have provided 
an adequate defense. The trouble is we have seen the abuses of 
Government. We have seen the gathering of data. And I can tell 
you from having been here not when the PATRIOT Act was passed 
originally, but when it was extended back in my first term in 
Congress, it got down to where there were only two Republicans 
demanding any type of safeguard, I thought. And there were two 
of us that wanted sunsets.
    I was the one that argued for 25 minutes in our 30-minute 
pre-hearing meeting demanding sunsets, and then my friend Dan 
Lungren had the amendments. And we got at least two sunsets on 
206 and 215. And the argument I made for 25 minutes that turned 
my colleagues, Republicans, around in our meeting was I have 
seen how there can be violations of due process if everyone is 
not very diligent, and we need the safeguards in order to have 
proper oversight.
    And what we have seen and what has been disclosed of the 
monitoring scares me. We have had hearings in this room. People 
like Jerry Nadler have argued about dangers of Government 
having too much information. And from my experience as a judge 
and chief justice with State judges and Federal judges and 
having practiced before a very conservative Federal judge named 
Bill Steger and a very liberal judge named William Wayne 
Justice, I couldn't imagine anybody granting the kind of orders 
we have now seen granted. Just a blanket summary, go get all of 
these phone records.
    And I understand the assurances, no, we don't have names 
with them. But isn't it true that you can go on public or 
private data, any individual, and secure the names for 
different numbers? Isn't that true?
    Mr. Cole. There are ways to secure the names for any number 
of numbers, maybe not every single one.
    Mr. Gohmert. And I recall back in 2002, as a chief justice 
at a conference, getting into a debate with a CIA lawyer who 
was arguing, look, banks have all your financial records. Why 
shouldn't the Government?
    And I was pointing out as a conservative it is because 
banks can't show up at your house, put you in handcuffs, throw 
you to the ground, and drag you off to jail, which has been 
done by the Government. So there is an important distinction.
    And then we find out that though many of us opposed it, the 
Consumer Financial Protection Bureau has been gathering 
information on everybody's financial records. But they say the 
same thing that most of you are saying, look, we are not 
putting the names with it. But isn't it true that the Federal--
that even the NSA can get access to the information gathered by 
the Consumer Financial Protection Bureau?
    Mr. Inglis. Sir, I imagine that could be true, but I would 
say that we can't pull the telephone numbers from this database 
under any circumstances other than that prescribed by the 
court.
    Mr. Gohmert. But you are entitled to go--I mean, we have 
had this debate in here. You are entitled to go on the Internet 
or go to private sources that any private citizen could and 
gather that information without violating any constitutional 
rights. Isn't that correct?
    Mr. Inglis. Certainly. But if the premise is we would do 
that to match names, identification, personal information 
against the telephone numbers, we don't have access to the 
telephone numbers unless we follow the prescribed rules of the 
court, pursuant to a terrorism investigation.
    Mr. Gohmert. But if you can gather the information that a 
private individual could and couple that with information that 
only the Federal Government we are now learning is gathering, 
then it really constitutes a grave threat to privacy. By the 
way, the Consumer Financial Protection Bureau said this, their 
Director said this in testimony before Congress.
    The bureau has also issued regulations that limit the 
circumstance in which it may disseminate internally, share with 
other agencies, or disclose the public confidential 
information, share with other agencies. So they know they can 
share with other agencies if another agency or they feel it is 
helpful.
    This begins to be a little scary, and the justification we 
get seems to be, well, but look, there are a handful of cases 
where we have avoided terrorism by really gathering all this 
private information. And it makes me think how many times could 
King George III have argued that, look, by putting officers in 
every one of your homes that we were uncomfortable with, we 
ended up being able to avoid a couple of problems of violence.
    We don't want people in our homes, and that includes the 
Federal Government watching through a big eye through our 
computers.
    And I appreciate you being here today. Thank you.
    Mr. Gowdy. Thank the gentleman from Texas.
    The Chair would now recognize the gentleman from New York, 
Mr. Jeffries.
    Mr. Jeffries. Thank you.
    Mr. Cole, am I correct that it is your position and the 
position of everyone on the panel that the telephone records of 
potentially hundreds of millions of Americans in the form of 
metadata, as has been discussed today, is relevant to a 
national security investigation?
    Mr. Cole. They are relevant when they are only queried 
under the limitations that are described by the court, where 
you have to have reasonable, articulable suspicion that the 
phone numbert is connected to some terrorist matter and 
investigation.
    Mr. Jeffries. So, fundamentally, it is your position that 
they are relevant because the court, the FISA court has 
articulated a set of criteria by which further inquiry can be 
undertaken. Is that correct?
    Mr. Cole. They are. And they are relevant because you have 
to have the--it is the old adage of if you are looking for the 
needle in the haystack, you have to have the entire haystack to 
look through. But we are not allowed to look through that 
haystack willy-nilly.
    Mr. Jeffries. Right. Now in terms of looking through that 
haystack of these phone records that are acquired based on 
reasonable, articulable suspicion, am I correct that it is 22 
NSA individuals who are authorized to make the determination of 
reasonable, articulable suspicion? Is that right?
    Mr. Cole. I will give that to Mr. Inglis to give you the 
numbers.
    Mr. Inglis. That is correct, sir.
    Mr. Jeffries. Okay. So these individuals don't have to go 
back to the court in order to determine whether they can move 
forward with a more invasive inspection of the phone records of 
the Americans contained in the database that you have acquired. 
Is that correct?
    Mr. Inglis. They use the rules of the court to make the 
limited query that the court----
    Mr. Jeffries. Right. They are using the rules of the court, 
but they are making the determination, not the court, as to the 
invasiveness of the further inspection. Am I correct?
    Mr. Inglis. On a case-by-case basis, they determine the 
selector.
    Mr. Jeffries. Okay. Now, Mr. Litt, you have indicated that 
in your view, the FISA court is not a rubber stamp. Correct? 
That was your testimony?
    Mr. Litt. That is correct.
    Mr. Jeffries. And I think in response to the distinguished 
gentleman from Idaho, you said, well, it is not a rubber stamp 
because they read. They ask questions. They pushback. There is 
careful study and analysis. Is that an accurate 
characterization of your testimony?
    Mr. Litt. Reasonably accurate. Yes, sir.
    Mr. Jeffries. Okay. Now we just had the baseball all-star 
game yesterday, and of course, we know nothing is as American 
as baseball and apple pie. And if you think back on the history 
of baseball, I just took a quick look. I am a baseball fan 
myself.
    Now Stan ``the man'' Musial, great hitter from St. Louis, 
his batting average lifetime, he was close to being in the top 
25, .331, Stan ``the man'' Musial.
    Babe Ruth, 10th all time. His lifetime batting average was 
.342. Ted Williams, the great lefty from the Boston Red Sox, 
his lifetime batting average was .344. Ty Cobb, the Georgia 
peach--I may disagree with some of his views on social justice 
issues, but he was a great hitter. The number-one hitter all 
time----
    Mr. Litt. .363?
    Mr. Jeffries [continuing]. Based on average, .366. 
[Laughter.]
    Mr. Jeffries. Pretty impressive, though, but I am still 
going to continue to ask you questions about this dynamic.
    Now I took a look. So these are the greatest hitters of all 
time. I took a look at what your batting average is as it 
relates to the FISA court, and I am a little troubled at what 
we were able to determine.
    So am I correct that in terms of the total applications 
submitted since 1979, there were 33,949 applications submitted. 
Is that accurate?
    Mr. Litt. I don't know the number. I wouldn't disagree with 
your number. I just don't know it off the top of my head.
    Mr. Jeffries. Okay. And of that total number of 
applications, 490 it appears were modified. Is that correct? 
You have no reason to disagree with that number. Is that right?
    Mr. Litt. Again, I don't know the answer.
    Mr. Jeffries. Okay. So----
    Mr. Litt. But if I can just add one----
    Mr. Jeffries. Well, let me just make an observation.
    Mr. Litt. Okay.
    Mr. Jeffries. And I have got limited time here. One-point-
four percent of the total number of applications made were 
modified. But what is even more troubling, since 1979, 11 
applications were denied. Is that correct, 11?
    Mr. Litt. Again, I will take your word for that.
    Mr. Jeffries. Okay. So your success rate, your batting 
average, was 99 percent of the time that you have applied to 
acquire information that could possibly include communication 
from one American to another American, yet you have taken the 
position that the FISA court is an independent check to protect 
the civil liberties and constitutional rights of Americans. Is 
that correct?
    Mr. Litt. So I guess the answer is that we are not exactly 
talking about baseball here. We have a--if you imagine a 
situation where the kind of interaction we have with the FISA 
court is the FISA court throws a pitch, and we don't hit it. 
And the court says we want the pitch a little bit higher. Can 
you throw the pitch a little bit higher? And it is still not 
right. So make it a little more inside.
    That is the interaction we have with the FISA court. They 
come back to us and tell us what we need to do to submit an 
application that will get approved.
    Mr. Jeffries. Right. Those modifications, and I know my 
time has run out, only took place 1.4 percent of the times, and 
that is why I think we are all concerned, or many of us are 
concerned that there is not an appropriate check on behalf of 
the Americans whose records could be subjected to an invasive 
search.
    I thank you all for your service, yield back the balance of 
my time.
    Mr. Litt. May I say one thing briefly, Mr. Chairman?
    Mr. Gowdy. Sure.
    Mr. Litt. The number for modification there I think does 
not reflect the full number of times in which the court asks 
questions and comes back to us. My understanding is that that 
is simply--that comes at the very end of the process, but there 
is a substantial give and take before we get to that point. So 
that is not a full reflection.
    Mr. Gowdy. The Chair thanks the gentleman from New York and 
now recognizes the gentleman from Utah, Mr. Chaffetz.
    Mr. Chaffetz. I thank the Chairman.
    And I thank the four of you for your service. I know how 
much you care for your country, and we do as well, and 
appreciate the dialogue. It is what differentiates the United 
States of America from most others.
    So, Mr. Cole, is geolocation information metadata, or is it 
content?
    Mr. Cole. That is an area of the law that is, I think, 
evolving in light of the Jones case, and it is one that I think 
the courts are now grappling with. It is not clearly as----
    Mr. Chaffetz. The courts--the courts did rule in the Jones 
case 9-0. They were pretty clear. Justice Alito was also fairly 
clear that Congress needed to grapple with this as well. Has 
the Department of Justice issued any guidance on Jones?
    Mr. Cole. We are in the process of looking through that. 
Jones was based mostly on a trespass----
    Mr. Chaffetz. I know what it was.
    Mr. Cole [continuing]. Opposed to a search and seizure.
    Mr. Chaffetz. Have you issued any guidance on Jones?
    Mr. Cole. We are in the process of looking through that to 
do it.
    Mr. Chaffetz. That is not an accurate answer. My 
understanding is there are at least two documents that the 
Department of Justice has issued to the Federal Bureau of 
Investigations, for instance. It was uncovered through a FOIA 
request. Almost every page of this was redacted.
    So you have, indeed, actually issued guidance on Jones. 
Correct?
    Mr. Cole. I will stand to be corrected. If you have those, 
yes.
    Mr. Chaffetz. Will the Department of Justice provide to 
this body, to this Committee, the guidance on Jones?
    Mr. Cole. That is something we will have to look into. 
There are lots of law enforcement----
    Mr. Chaffetz. No, no, no. Wait a second. I know there are 
law enforcement issues. I know there are other things. Why 
would you not provide to the United States Congress, the 
Committee on the Judiciary, why would you not provide a copy of 
that guidance for this Committee?
    Mr. Cole. If it discloses law enforcement sensitive 
information and techniques of how we go about fighting crime 
and finding criminals, then we may not feel free to disclose 
it.
    Mr. Chaffetz. And to the Chairman of this Committee, I 
think this is one of the great concerns. So let me ask you 
again, is geolocation metadata, or is it content?
    Mr. Cole. It is not content, as that would be called. It 
doesn't give you the content of anybody's calls. All it gives 
you is information about where they are.
    Mr. Chaffetz. So you are saying, in other words, that 
geolocation you would classify as metadata?
    Mr. Cole. I am not sure that it is one or the other. I 
think there are times where there are things that are in 
between, and this may be one of those. It is certainly not 
content. It probably tends more toward metadata. But again, 
this is an evolving area of the law.
    Mr. Chaffetz. How is it evolving? I mean, we haven't--this 
is what scares me about what you are doing and how you are 
doing it. If you knew exactly where I was standing, you are 
telling me that that is not content?
    Mr. Cole. That is not the content of your conversation, no. 
And other people may see you----
    Mr. Chaffetz. So the content----
    Mr. Cole. If you are standing out in public, any number of 
other people may see you there.
    Mr. Chaffetz. So, but if I was standing on private 
property?
    Mr. Cole. This is part of what Jones talks about is the 
trespass issue.
    Mr. Chaffetz. And they ruled 9-0 that it was an overstep 
and an overreach. So are you collecting that data?
    Mr. Cole. We are not collecting that data.
    Mr. Chaffetz. Let me ask the NSA. Is the NSA collecting 
this data?
    Mr. Inglis. We are not collecting that data under this 
program. We believe that the authority could be granted by the 
courts to collect that attribute. We have not done that, and as 
Mr. Cole and Litt indicated earlier, the Director of NSA has 
given an affirmation to the Congress that before such time as 
we would reconsider that decision, we would come back to the 
Congress.
    Mr. Chaffetz. How--going back to you, Mr. Cole. What other 
bits of information fall in this gap between metadata and 
content? What is this third category that you are talking 
about? What is the right word for it?
    Mr. Cole. I am not sure. It is just a third category, Mr. 
Chaffetz. I think there is metadata that was described by the 
court in Smith v. Maryland, which is the telephone records that 
we have been talking about today that were covered by the 215 
program that we have been discussing today.
    There is content, which is the actual--the conversations 
themselves that people have, and there are any number of things 
that may fall in between those, and it is not just a third 
category. It is probably a continuum.
    Mr. Chaffetz. What else would be in that continuum?
    Mr. Cole. I am sorry, sir?
    Mr. Chaffetz. What else would be in that continuum?
    Mr. Cole. It is hard for me to just hypothesize about all 
the many different things that could be out there and where 
they would fall in that continuum.
    Mr. Chaffetz. There is a report out today about license 
plates and that information that is being collected by 
thousands of camera readers and stored about specific location. 
Does that fall within this category?
    Mr. Cole. In which category?
    Mr. Chaffetz. License plate readers.
    Mr. Cole. The whole issue comes down to the reasonable 
expectation of privacy, and this is what the court bases its 
rulings on.
    Mr. Chaffetz. Do you believe that I have a reasonable 
expectation of privacy about my specific whereabouts?
    Mr. Cole. It depends on where you are and how many other 
people see you as----
    Mr. Chaffetz. Do I have a reasonable expectation of privacy 
on private property?
    Mr. Cole. In general, I think the courts are saying that 
there is a trespass theory that gives you a reasonable 
expectation of privacy, depending on whose property it is, 
whether it is your own or somebody else's, how many other 
people are there. These are all the types of issues that would 
go into that.
    Mr. Chaffetz. My time is expired. But, Mr. Chairman, this 
is something we have to much more thoroughly understand. There 
is guidance out there, and I think this Committee should be 
able to see it.
    Yield back.
    Mr. Goodlatte [presiding]. We are working our way in that 
direction, and there will be another hearing. You will be able 
to ask even more questions in a classified manner about 
questions you couldn't get answered here.
    So we thank the gentleman, and the Chair now recognizes the 
gentleman from South Carolina, Mr. Gowdy, and thanks him for 
presiding for a period of time as well.
    Mr. Gowdy. Thank you, Mr. Chairman.
    I was listening to my colleagues and our witnesses discuss 
these issues, and for whatever reason, Mr. Chairman, my mind 
went to a guy by the name of Joseph Hartzler. I don't know 
whether he is still with the department or the U.S. attorney's 
office or not. He was the lead prosecutor in a case called 
United States v. Timothy McVeigh.
    And I thought to a presentation that Mr. Hartzler gave many 
years ago and the role that business records played in his 
ability to successfully prosecute that horrific act of domestic 
terrorism. And Mr. Chairman, I thought to myself, all right, we 
asked you, Mr. Hartzler, to prosecute the crime after it took 
place. What if we challenged you with the responsibility to 
prevent the next act of terrorism? What tools would you need to 
be able to prevent crime, as opposed to prosecute it in its 
aftermath?
    And while this is at some level a debate between privacy 
and public safety, to me, it is also a debate between the 
difference between prosecuting something after it happens and 
then preventing it from happening in the first place. Mr. 
Hartzler used hotel records. He used business records where 
McVeigh went and purchased certain materials. He used--that was 
a very tedious, difficult case to prosecute, and the role of 
the business records played in it.
    So this is what I would like to ask. I don't want to ask 
specific questions about the sections. I want to go to where 
the people of my district are who are not trained attorneys for 
the most part, trained law enforcement officials.
    Mr. Litt, you would agree that the Constitution kind of 
sets the minimum standard by which Government must conduct 
itself----
    Mr. Litt. Yes, sir.
    Mr. Gowdy [continuing]. Is the minimum standard?
    Mr. Litt. Yes, sir. And Congress has the power to set 
higher standards.
    Mr. Gowdy. Exactly. So, in Roper v. Simmons, if the Supreme 
Court says you cannot put someone to death who was under the 
age of 18 at the time that they committed the offense, that 
does not keep Congress from saying we are going to raise it to 
21?
    Mr. Litt. That is correct.
    Mr. Gowdy. Right. So who does get to decide whether or not 
our fellow citizens have a reasonable expectation of privacy?
    Mr. Litt. It depends upon the purpose for which you are 
deciding it. For purpose of interpreting the provisions of the 
Fourth Amendment, as the Fourth Amendment, the Supreme Court is 
the ultimate arbiter. For purposes of determining what is the 
appropriate behavior, how do you want to regulate the actions 
of Government, that is Congress' role----
    Mr. Gowdy. Well, I want to stop you. You say the Supreme 
Court is the ultimate arbiter. Are they the exclusive arbiter? 
Can the people weigh in on what they think they have a 
reasonable expectation of privacy in?
    Mr. Litt. Absolutely. But----
    Mr. Gowdy. Well, the Supreme Court doesn't have the benefit 
of public input.
    Mr. Litt. Generally speaking, the public manages to get its 
voice heard in case in----
    Mr. Gowdy. Well, I would hope they would listen to it. I 
mean, their job is not to weigh and balance--to Jason's point, 
if you are on private property but there is a helicopter above 
versus if you are on private property and there are four other 
people at the picnic with you, I mean, you have no expectation 
of privacy in your face.
    I don't think anyone would argue you have an expectation of 
privacy in your face. But that does not mean that our fellow 
citizens want Government to collect facial imagery data.
    Mr. Litt. You know, I think that is exactly the right way 
to frame it, which is to say that the Fourth Amendment, as 
interpreted by the court, sets the minimum constitutional 
standard, but that the Congress, based on input from the people 
and whatever sources, can determine, no, this is how we want to 
regulate the behavior of our Government. And that set of 
regulations that we need to adhere to.
    Mr. Gowdy. And technology can impact that. Agree technology 
can impact that?
    Mr. Litt. I am sorry?
    Mr. Gowdy. Technology? Technology can impact someone's 
reasonable expectation of privacy?
    Mr. Litt. Oh, absolutely.
    Mr. Gowdy. Culture?
    Mr. Litt. Yes. All of those factors come into play.
    Mr. Gowdy. I mean, there are already currently business 
records that an AUSA cannot access with a subpoena. Unless the 
world has changed, you can't get medical records with a 
subpoena.
    Mr. Litt. Right. There are statutory restrictions on what 
you can get.
    Mr. Gowdy. You can't get IRS tax returns with a subpoena.
    Mr. Litt. That is right. You have got to go through a more 
elaborate process.
    Mr. Gowdy. Both of those are business records, right?
    Mr. Litt. That is correct.
    Mr. Gowdy. So the notion that Miller stands for the 
proposition that all business records you have no expectation 
of privacy because there was a third party involved, we just 
came up with two examples where that is not the case.
    Mr. Litt. Well, again, that was a case interpreting what 
the Fourth Amendment meant. The other examples you have given 
are cases where, as you said, Congress has gone beyond the 
minimum requirement----
    Mr. Gowdy. But there was also a statute in play in Miller. 
There was a banking statute in play in Miller. You have read it 
more recently than I have. But----
    Mr. Litt. No, I----
    Mr. Gowdy. My point--my time is up. My point is this. All 
of us are asked back home by people who are not as well trained 
in the law as you all are, and there is this growing skepticism 
about the conduct of Government. And to the extent that the 
people can weigh in on what they have an expectation of privacy 
in, you can expect to see that scale balance back toward 
privacy and away from public safety unless we do a better job 
of regaining their trust and explaining why these programs are 
necessary.
    Mr. Litt. So I couldn't agree with you more. I think that 
is absolutely right. I think as Deputy Director Inglis said 
before, in the intelligence community, we try very hard to keep 
in mind both the protection of national security and the 
privacy and constitutional rights of Americans.
    We think we have struck that balance in the right place, 
but if the people and the Congress determine that we struck 
that balance in the wrong place, that is a discussion that we 
need to have.
    Mr. Gowdy. Thank you, Mr. Chairman.
    Mr. Goodlatte. The Chair thanks the gentleman.
    And on that note, we thank this panel for giving a lot of 
answers. I think there are some that could not be answered here 
today, and therefore, you might anticipate that we will have a 
subsequent hearing in a classified setting and ask additional 
questions.
    Whether it is of you four or something else, I don't know, 
but I want to thank each one of you for helping us to engage in 
a very thorough examination of the issues related to these two 
sections of the law and excuse you now.
    Thank you again.
    [Pause.]
    Mr. Goodlatte. Folks, if we could ask everyone to clear the 
hearing room, we are going to start with our second panel. No, 
just clear the area around the witness table.
    And we would now invite our second panel to take their 
seats. And once you have taken your seats, we will invite you 
to stand back up again and be sworn.
    So we will welcome our second panel and ask that each of 
you rise and be sworn in.
    [Witnesses sworn.]
    Mr. Goodlatte. Thank you very much.
    Let the record reflect that all the witnesses responded in 
the affirmative, and we will now introduce our witnesses.
    Our first witness is Mr. Stewart Baker, a partner at 
Steptoe & Johnson law firm here in Washington, D.C. And we 
would ask that the door in the back be closed so we can have a 
little more----
    Mr. Stewart Baker is a partner at Steptoe & Johnson here in 
Washington, D.C. Mr. Baker also serves as a distinguished 
visiting fellow at the Center for Strategic and International 
Studies. Previously, he served as the First Assistant Secretary 
for Policy at the U.S. Department of Homeland Security.
    He also served as general counsel of the NSA, where he led 
NSA and interagency efforts to reform commercial encryption and 
computer security law and policy. Mr. Baker has been a visiting 
fellow at the Hoover Institution and a fellow of the University 
Center for National Security Law.
    Mr. Baker received his bachelor's degree from Brown 
University and his J.D. from the UCLA School of Law, where he 
was chief articles editor of the UCLA Law Review. And we are 
very fortunate to have him and his expertise with us today.
    Our second witness is Mr. Jameel Jaffer, Deputy Legal 
Director of the American Civil Liberties Union and also serves 
as Director of the group's Center for Democracy. Mr. Jaffer 
previously directed the ACLU's National Security Project. Prior 
to joining the ACLU, Mr. Jaffer clerked for Amalya Kearse, the 
U.S. Circuit Court of Appeals for the Second Circuit, and the 
Right Honorable Beverley McLachlin, Chief Justice of Canada.
    Mr. Jaffer earned degrees from Williams College, Cambridge 
University, and Harvard Law School, and we welcome his 
expertise and experience as well.
    Our third witness today is Mr. Steven G. Bradbury, an 
attorney at Dechert, LLP, here in Washington, D.C. Formerly, 
Mr. Bradbury headed the Office of Legal Counsel in the U.S. 
Department of Justice during the Administration of George W. 
Bush, handling legal issues relating to the FISA court and the 
authorities of the National Security Agency. He served as a law 
clerk for Justice Clarence Thomas on the Supreme Court of the 
United States and for Judge James L. Buckley of the United 
States Court of Appeals for the D.C. Circuit.
    Mr. Bradbury is an alumnus of Stanford University and 
graduated magna cum laude from Michigan Law School. We thank 
him for serving as a witness today and look forward to his 
insight into this complex topic.
    Our final witness on the first panel is Ms. Kate Martin, 
Director of the Center for National Security Studies since 
1992. She was formerly a lecturer at Georgetown University Law 
School and has also worked in the position of general counsel 
to the National Security Archive. She is currently a member of 
Constitution Project's bipartisan Liberty and Security 
Committee.
    Previously, Ms. Martin was a partner with the Washington, 
D.C., law firm of Nussbaum, Owen & Webster. She graduated from 
the University of Virginia Law School, where she was a member 
of the Law Review and from Pomona College with B.A. in 
philosophy. We welcome her dedication and expertise in this 
area.
    Thank you all for joining us, and we will begin with Mr. 
Baker. Each witness should summarize his or her testimony in 5 
minutes or less. Your entire statement will be made a part of 
the record. And to help you stay within that time, there is a 
timing light on your table.
    When the light switches from green to yellow, you will have 
1 minute to conclude your testimony. When the light turns red, 
it signals that the witness's 5 minutes have expired.
    Mr. Baker, welcome.

                TESTIMONY OF STEWART A. BAKER, 
                     STEPTOE & JOHNSON, LLP

    Mr. Baker. Thank you, Mr. Chairman.
    Mr. Goodlatte. You may want to pull the microphone close 
and turn it on.
    Mr. Baker. Thank you, Mr. Chairman and Ranking Member 
Conyers. Yes, thank you very much.
    It is a pleasure to be here, and I will say that this is 
not as unprecedented a climate as it may seem. I thought I 
would take advantage of the fact that it is my birthday to talk 
a little about the history of FISA. Here is a quote from the 
Cato Institute.
    ``If constitutional report cards were handed out to 
Presidents, the President would receive an F, an appalling 
grade for any President, let alone a former professor of 
constitutional law.''
    About the same time that they were saying that, the FISA 
court judge, chief judge, felt obliged to say, ``We are not a 
rubber stamp. I carefully review every one of these 
applications.''
    This was the second term of Bill Clinton when many of these 
criticisms were very prominent. And quite frankly, I think they 
contributed to the FISA court at the time adopting, it turns 
out without legal justification, a set of restrictions on the 
conduct of intelligence that built a wall between law 
enforcement and intelligence that contributed directly to the 
FBI not being able to find the hijackers when they knew they 
were in the country but were not allowed to look for them 
because they were on the wrong side of the wall.
    I say that because this climate and the search for ever 
greater protections for civil liberties does have a cost, and 
we don't know where that cost will be paid. That is why it 
seems to me that we need to be as careful as we can to ask the 
question what sorts of protections are there already. And I 
will confess, I was very surprised and a little troubled when I 
saw that initial metadata order.
    Only when I came to realize that the order allowed the 
collection, but not the actual searching of that data, and that 
the searches were so carefully circumscribed that only 300 were 
made in a particular year, did I realize that when you look at 
the two sets of orders together, that there are actually 
extraordinary limitations on the ability of anyone at NSA to 
look at metadata of any individual. I contrast that to the fact 
that there are hundreds of thousands of subpoenas issued every 
year for metadata by State and local law enforcement with far 
fewer guarantees of protection for that data.
    And then, finally, and I will close with this, the other 
cost that we are likely to pay here is that we are not the only 
audience for the debates that we are going through. It may feel 
like a family fight, but the neighbors are listening.
    And indeed, Europe has already made it clear that they 
intend to punish everybody who participated in these programs 
if they possibly can. They intend to try to restrict our 
intelligence gathering by going after the companies that only 
did their duty in responding to orders that were lawful under 
U.S. law.
    This is a fixed feature now of European public policy and 
diplomacy. It ignores the fact that, by and large, the U.S. 
record on protecting civil liberties and even this kind of data 
is much better. According to the Max Planck Institute, you are 
100 times more likely to be surveilled by your own government 
if you live in the Netherlands or you live in Italy. You are 30 
to 50 times more likely to be surveilled if you are a French or 
a German national than in the United States.
    Only in the United States and Japan are there limitations 
on simply volunteering information to Government if you happen 
to have this metadata. As long as you have a good reason, by 
and large, you can give it over, and certainly law enforcement 
would appear to be a good reason.
    And on this question of assembling a database of metadata, 
the Europeans don't do that because they passed a law telling 
every one of their carriers, you assemble the database. You 
maintain it. And if law enforcement comes calling or if you 
want to volunteer the information, you will have it.
    We have never done that. We have never had a data retention 
law in the United States for civil liberties reasons, and that 
is one of the reasons why we have ended up trying to collect 
this data and then imposing a set of limitations on when it is 
searched.
    I will reserve and answer any questions you may have at the 
end of the discussion.
    [The prepared statement of Mr. Baker follows:]
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    


                               __________
    Mr. Goodlatte. Thank you, Mr. Baker.
    Mr. Jaffer, welcome.

                  TESTIMONY OF JAMEEL JAFFER, 
             AMERICAN CIVIL LIBERTIES UNION (ACLU)

    Mr. Jaffer. Thank you. Mr. Chairman, Mr. Ranking Member, 
Members of the Committee, on behalf of the ACLU, thanks for the 
invitation to testify today.
    Over the last 6 weeks, it has become clear that the NSA is 
engaged in far-reaching, intrusive, and unconstitutional 
surveillance of Americans' communications. Under Section 215, 
the NSA is tracking every single phone call made by a resident 
of the United States--who they called, when they called them, 
for how long they spoke. Until recently, it was tracking 
ordinary Americans' Internet activity as well.
    Under Section 702 and on the pretext of monitoring people 
outside the United States, the NSA is using Section 702 of FISA 
to build massive databases of Americans' domestic and 
international communications, not just so-called metadata, but 
content as well. Those programs have been made possible by huge 
advances in the technology of surveillance, but in many 
respects, they resemble the generalized warrants, the 
generalized surveillance programs that led to the adoption of 
the Fourth Amendment more than 200 years ago.
    The FISA court orders resemble general warrants, albeit 
general warrants for the digital age. That the NSA is engaged 
in this kind of unconstitutional surveillance is the result of 
defects in the statute itself and in the current oversight 
system.
    FISA affords the Government sweeping power to monitor the 
communications of innocent people. Excessive secrecy has made 
congressional oversight difficult and public oversight 
impossible. Intelligence officials have repeatedly misled the 
public, Congress, and the courts about the nature and the scope 
of the Government surveillance activities, and structural 
features of the Foreign Intelligence Surveillance Court have 
prevented that court from serving as an effective guardian of 
constitutional rights.
    To say that the NSA's activities present a grave danger to 
American democracy is not an overstatement. Thirty-six years 
ago, after conducting a comprehensive investigation into the 
intelligence abuses of the previous decades, the Church 
Committee warned that inadequate regulations on Government 
surveillance ``threaten to undermine our democratic society and 
fundamentally alter its nature.''
    That warning should have even more resonance today than it 
did in 1976 because in recent decades, the NSA's resources have 
grown, statutory and constitutional limitations have been 
steadily eroded, and the technology of surveillance has become 
exponentially more power and more intrusive.
    Because the problem that Congress confronts today has many 
roots, there is no single solution to it. But there are a 
number of things that Congress should do right away.
    It should amend Section 215 and 702 to expressly prohibit 
suspicionless or dragnet monitoring or tracking of Americans' 
communications. It should require the executive to release 
basic information about the Government's use of foreign 
intelligence surveillance authorities, including those relating 
to pen registers and national security letters.
    The executive should be required to disclose for each year 
how many times each of those provisions was used, how many 
individuals' privacy was implicated by the Government's use of 
each provision. And with respect to any dragnet, generalized, 
or bulk surveillance program, it should be required to disclose 
the types of information that were collected.
    Are they collecting medical records? Are they collecting 
educational records? Are they collecting firearms records? That 
should be disclosed to the American public.
    Congress should also require the publication of FISA court 
opinions that evaluate the meaning, scope, or constitutionality 
of the foreign intelligence laws. The ACLU recently filed a 
motion before the FISA court, arguing that the publication of 
those opinions is required by the First Amendment, but Congress 
need not wait for the FISA court to act. Congress has the 
authority and the obligation to ensure that Americans are not 
governed by a system of secret law.
    Finally, Congress, and this Committee in particular, should 
hold additional hearings to consider further amendments to 
FISA, including amendments to make FISA court proceedings more 
transparent. Congress should not be indifferent to the 
Government's accumulation of vast quantities of sensitive 
information about Americans' lives. This Committee in 
particular has a crucial role to play in ensuring that the 
Government's efforts to protect the country don't compromise 
the freedoms that make the country worth protecting.
    Thank you.
    [The prepared statement of Mr. Jaffer follows:]
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

                               __________
    Mr. Goodlatte. Thank you, Mr. Jaffer.
    Mr. Bradbury, welcome.

         TESTIMONY OF STEVEN G. BRADBURY, DECHERT, LLP

    Mr. Bradbury. Thank you, Mr. Chairman, Ranking Member 
Conyers, and distinguished Members of the Committee.
    I believe both of the recently disclosed NSA programs are 
critical to our national security, and I have every confidence 
that each is authorized by statute, consistent with the 
Constitution, and appropriately protective of privacy and civil 
liberties.
    The first program involves the acquisition of telephone 
metadata under a Section 215 business records order. This 
metadata consists only of tables of numbers indicating which 
phone numbers called which numbers and the time and duration of 
the calls. It doesn't reveal any other subscriber information, 
and it doesn't enable the Government to listen to anyone's 
phone calls. There is no monitoring or tracking of phone calls.
    The Constitution does not require a warrant supported by 
probable cause to acquire this metadata. Courts have held that 
there isn't a reasonable expectation of privacy in the phone 
numbers that are dialed. And the production of business records 
like these doesn't involve a Fourth Amendment search.
    This acquisition is authorized under the terms of Section 
215 because the use of the metadata is relevant to 
counterterrorism investigations. Acquiring a comprehensive 
database enables better analysis of the telephone links and 
calling patterns of terrorist suspects, which is often the only 
way to discover new phone numbers being used by terrorists.
    To connect the dots effectively requires the broadest set 
of telephone metadata. The same relevance standard applies in 
other contexts, such as administrative subpoenas and grand jury 
subpoenas, which, unlike Section 215, typically do not require 
court approval.
    While the metadata order is extraordinary in the amount of 
data acquired, it is also extraordinarily narrow and focused 
because of the strict limitations placed on accessing the data. 
There is no data mining or trolling through the database 
looking for suspicious patterns.
    By court order, the data can only be accessed when the 
Government has reasonable suspicion that a particular phone 
number is associated with a foreign terrorist organization. And 
then that number is tested against the database to discover its 
connections. If it appears to be a U.S. number, the necessary 
suspicion can't be based solely on First Amendment protected 
activity.
    Because of this limited focus, only a tiny fraction of the 
total data has ever been reviewed by analysts. The database is 
kept segregated and is not accessed for any other purpose, and 
FISA requires the Government to follow procedures overseen by 
the court to minimize any unnecessary dissemination of U.S. 
numbers.
    Any data records older than 5 years are continually deleted 
from the system. The order must be reviewed and reapproved 
every 90 days. And my understanding is that since 2006, 14 
different Federal judges have approved this metadata order.
    Let me now turn to the surveillance program that targets 
foreign communications. This program is authorized under 
Section 702 of FISA, and if we just track through the 
provisions of Section 702, we can see the outline of this 
program. With court approval, Section 702 authorizes a program 
of foreign-focused surveillance for periods of 1 year at a 
time.
    This authority may only be used if the surveillance does 
not, one, intentionally target any person of any nationality 
known to be located in the United States; two, target a person 
outside the U.S. if the purpose is to reverse target any 
particular person believed to be in the U.S.; three, 
intentionally target a U.S. person anywhere in the world; and 
four, intentionally acquire any communication as to which the 
sender and all recipients are known to be in the U.S.
    Section 702 mandates court approval of the targeting 
protocols and of minimization procedures to ensure that any 
information about U.S. persons that may be captured in this 
surveillance will not be retained or disseminated, except as 
necessary for foreign intelligence purposes. From everything 
that has been disclosed about this program, including the so-
called PRISM Internet collection, I don't think there is any 
reason to doubt that this foreign-targeted surveillance is just 
what Section 702 was designed to authorize.
    Thank you, Mr. Chairman.
    [The prepared statement of Mr. Bradbury follows:]
    
    
    
    
    
    
    
    
    
    
    
    


                               __________
    Mr. Goodlatte. Thank you, Mr. Bradbury.
    Ms. Martin, welcome.

                   TESTIMONY OF KATE MARTIN, 
              CENTER FOR NATIONAL SECURITY STUDIES

    Ms. Martin. Thank you, Mr. Chairman and Ranking Member 
Conyers and other distinguished Members of this Committee, for 
inviting me to testify today.
    I want to, first of all, thank the Committee for having 
asked some questions of the Government witnesses that I hoped 
the Committee would ask and congratulate you upon obtaining 
answers, at least in part, to some of those questions.
    I want to raise two overarching concerns today about these 
programs and note, first of all, that I think it does not make 
sense for the Committee to consider the 215 program and the 702 
program separately and, instead, that they need to be looked 
upon as part of an overall set of foreign surveillance 
authorities that work together to allow the Government to 
collect and keep massive amounts of information about Americans 
and to do so in secret.
    And that that is the real nut of the problem. We have an 
incredibly complex set of laws governing those authorities and 
setting up safeguards, as this Committee is well aware, and we 
need to understand how those work together, where the holes 
are, and where the potential changes are.
    So I would urge the Committee, in going forward, to expand 
your oversight and your questions to look at not just 215 and 
702, but all the FISA Authorities and not just as exercised by 
the National Security Agency, but equally significantly 
regarding how the information is shared between the NSA, the 
FBI, the DHS, and perhaps the White House or the NCTC as well. 
Those are equally critical questions for both civil liberties 
and for evaluating the effectiveness and the necessity of the 
programs.
    I agree with Mr. Jaffer and many of the Members here today 
that there is a lot to be concerned about, that we are seeing 
the unprecedented massive collection of information on 
Americans, the creation of secret data banks which are 
available for Government analysis, queries, and data mining by 
ever increasingly sophisticated computerized tools, and the 
dissemination of both raw information and the results of such 
analysis or data mining throughout the executive branch.
    I think that the question is whether or not these new 
activities by the Government have the potential to 
fundamentally change the relationship between citizens and the 
state. I think that was the concern that many Members of this 
Committee were raising today.
    In connection with the question of what is the harm here, I 
very much appreciate that the Administration and the NSA have 
been very detailed about the internal safeguards that they have 
created to ensure that no rogue employee or contractor can 
access the personal information of an individual American and 
misuse it.
    I do not believe, however, that that is the primary worry 
of the American people about these programs. I think, rather, 
the primary worry and the primary concern when FISA was first 
drafted was that the Government would succumb to the temptation 
to use information that it has about individual Americans to 
chill political dissent, to challenge its political opponents, 
et cetera.
    I think this is one of those instances where when you 
discuss it in advance you can never believe that this would 
actually happen, but that when you look at history, it has 
happened too many times already in my own lifetime.
    Just a couple of specific comments about information which 
I believe would be crucial for this Committee's consideration. 
First on questions about what kinds of authorities does the 
Government have under Section 215, one of the Members asked 
about the collection of Internet metadata. I would urge you to 
find out specifically whether or not under the Government's 
current understanding of its legal authorities under 215, it 
could make an application for the collection of all Internet 
metadata on communications within the United States; whether or 
not it could make an application under 215 for bulk collection 
of geolocation data; or for bulk collection of financial 
records or credit card records.
    I think it is also important to know when the Government 
makes one of these 300 queries to the 215 database, does that 
query require the database to do a chain-linked--a chained 
analysis? Not simply what numbers have been in contact with the 
first number, but to then do a chain-linked analysis?
    I know my time is up, and if I might just make one last 
comment? On the overall question of this is foreign 
intelligence, and traditionally it is done in secret; it is 
always done by government. There is a high cost when it is 
discussed in public.
    It is foreign intelligence when it is directed against 
foreigners and other governments overseas. We are talking about 
massive authorities for massive collections on Americans. And 
that may be foreign intelligence. It is also at the core of the 
concerns of the constitutional framers. I think that what we 
have seen about the cost of secrecy here is that----
    Mr. Goodlatte. Sorry.
    Ms. Martin. That is okay.
    [The prepared statement of Ms. Martin follows:]
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    


                               __________
    Mr. Goodlatte. We will have more opportunity to speak in 
just a moment.
    Ms. Martin. Thank you.
    Mr. Goodlatte. But we will begin with the questioning, and 
I will start with Mr. Jaffer. If the acquisition of metadata is 
the type of mosaic of information that Sotomayor warned about 
in the Jones case, how would you limit the Government from 
collecting it?
    Mr. Jaffer. Well, one possibility would be to require the 
Government to get an individualized warrant for that 
information. And whatever the answer to that question is, I 
think that there have to be more safeguards than are in place 
right now.
    Even the Government seems to concede that its surveillance 
of this kind of information has to be reasonable under the 
Fourth Amendment, and I just don't see you how can possibly 
justify the collection of everybody's phone records on that 
standard. And I think many Members rightly pointed out that no 
other court has ever granted a subpoena, has ever upheld a 
subpoena that sought records on that scale.
    Mr. Goodlatte. That is with regard to 215. One objection 
you have to 702 information collected is that information about 
Americans can be swept up in the search for foreign 
intelligence information. But isn't that the case with any 
Title III wiretap?
    Mr. Jaffer. It is the case, and that is why the courts 
apply a reasonableness analysis. And all we have argued in the 
context of challenges to 702 is that the same reasonableness 
analysis has to be applied to the Government surveillance under 
that provision.
    And the Government in our constitutional challenges happen 
to have actually conceded that point. The only dispute was 
whether these procedures were, in fact, reasonable, and we 
don't think they are.
    Mr. Goodlatte. If the FBI is conducting a wiretap of a 
business that is also part of a criminal conspiracy, innocent 
third parties sometimes are involved, and they are monitored. 
That information is minimized to protect the people's privacy. 
How is this different from Section 702 surveillance, which must 
be also minimized?
    Mr. Jaffer. Right. I think that is a good question. I think 
that one of our concerns is that the word ``minimization'' is 
being used as a kind of talisman as if when the Government 
invokes the prospect of minimization, that should end the 
discussion. But you have to look at what the Government means 
when it says minimization.
    And fortunately, we now have the Government's minimization 
procedures under 702. They were released by the Guardian and by 
the Washington Post, and they allow us to evaluate the extent 
to which those procedures actually protect Americans' privacy. 
And I think it is quite clear from the procedures that they 
don't protect Americans' privacy. They allow the Government to 
sweep up Americans' communications, both domestic and 
international, to retain those communications forever to the 
extent that they include foreign intelligence information, a 
term that is defined very broadly under the statute.
    Even if the communications don't contain foreign 
intelligence information, they can be retained for as long as 5 
years. So these are procedures that don't do very much to 
protect Americans' privacy.
    Mr. Goodlatte. Let me turn to Mr. Baker and Mr. Bradbury 
and ask them if they want to comment on Mr. Jaffer's 
observation and tell us why it is necessary to collect a broad 
set of metadata under Section 215. Does this help the 
Government connect the dots?
    Mr. Baker. The difficulty the Government faced is that each 
telecommunications company keeps its records as it chooses, and 
they may maintain the records for a year or two, but they won't 
keep it for a long time. And you can't easily chain from one 
database to the next to find out the communications of the 
people who are linked to the person that you are investigating.
    And so, and to ask the companies to keep it for the 
Government's convenience, to consolidate the database for the 
Government's convenience is something that is really asking 
quite a bit of a private citizen just to help the Government do 
its job. So the Government did this and then acted----
    Mr. Goodlatte. But let me interject that depending upon the 
cost of the Government taking it and gathering it and holding 
it, we are asking all those phone companies' customers, who are 
also taxpayers of the United States, to bear that burden.
    So I understand the problem with asking the phone companies 
to do it. But we also have to evaluate whether the benefits 
derived from this are justified by the costs of it.
    Mr. Baker. That is a perfectly fair point, although the 
rate payers and the customers of the phone companies will pay 
for it in the end if it is a cost to the companies. But I agree 
with you that it is a cost to the United States. I think it is 
a cost that we bear because we are trying to protect all 
Americans from terrorism, and that it is fair for the U.S. 
Government to bear that cost.
    In the end, though, the searches can't be done without a 
reasonable and articulable suspicion, which in practice has 
turned out to be much tougher than the standard for serving a 
subpoena on an individual telephone company. As I said, there 
are hundreds of thousands, perhaps a million such subpoenas.
    Mr. Goodlatte. I understand. But that also leaves aside the 
question of whether the Congress intended to give the NSA the 
authority to gather the data in the fashion they did under the 
business record provision.
    But let me ask Mr. Bradbury another question, and he can 
comment on this as well, if he'd like. Mr. Jaffer's testimony 
claims the Government is tracking all American phone calls 
under the 215 program. Is this what is happening?
    Mr. Bradbury. No. As I indicated, they are not tracking 
calls. They are not monitoring calls. The data sits in a 
database and is only accessed when there is a suspicious 
number, and you want to find the links and connections that 
that number has to other numbers.
    But you need to have the whole database, and getting the 
whole database is relevant to the counterterrorism 
investigation because you cannot do the kind of sophisticated 
link analysis that the NSA does without having a comprehensive 
set of data.
    It doesn't have to be every single call record, but it has 
to be the largest collection you can get in order to 
effectively find all of those connections. And that is because 
of the technical way that they do it, but it is a super 
valuable tool, and getting the database is relevant.
    It would be the same if we had a suspicion that a terrorist 
had come into the country, but we didn't know exactly on what 
flight or where. And you could use 215 to get the flight 
manifests of all flights in and out of the country during a 
period of time, and you could put it in a database and you 
could query the person's number, name to find out when he came 
in. It is relevant.
    Mr. Goodlatte. You raised a good analogy, but my debate 
professor said analogy was the weakest form of argument. So are 
you suggesting that it would be appropriate if the airlines did 
not keep that data for a sufficient period of time, that it 
would be appropriate for the Government to tell all the 
airlines to provide them with all of the flight records of all 
American citizens so they could hold it in a database and check 
it when they needed to?
    Mr. Bradbury. Well, it might be. It might be something that 
you have to do to find that particular flight that you need to 
protect----
    Mr. Goodlatte. Well, I wouldn't argue that there might be 
occasions when that information would be useful, but it would 
have to be weighed against both the cost of storing the data--
and that is just not, you know, computer capability, but also 
people to manage that--and the risks that are entailed by those 
people abusing that system, if that, indeed, occurs.
    Let me turn to Ms. Martin, however, and your testimony 
includes a number of suggestions for increasing the visibility 
into the--increasing visibility into the FISA programs. Which 
of these would you prioritize as a way to both preserve our 
national security efforts while also giving the public a better 
understanding of how the programs work?
    Ms. Martin. I think that it is key to obtain an 
understanding of the court's understanding of its legal 
authorities, not just 215, but all of them and the Government's 
interpretation and understanding of those legal authorities. I 
think it is also key, and the second thing that I would 
prioritize is getting a report from the Government how the 
existing FISA Authorities complement, overlap, and differ, 
and--and what they allow and what they don't allow.
    I think, otherwise, we are going to be in the situation 
where we are talking about fixing 215 with regard to phone 
metadata without knowing how the Government is going to use 
national security letters or pen traps or 702 to get the same 
kind of data. So I would prioritize knowing the law and 
understanding how that works and the Government's understanding 
of the legal authorities. And then after that, some idea--some 
idea, not the specifics--of the scope of the collection that is 
being done on Americans.
    Mr. Goodlatte. Thank you very much.
    My time has expired. The Chair recognizes the gentleman 
from Michigan, the Ranking Member Mr. Conyers, for 5 minutes.
    Mr. Conyers. Thank you, Chairman Goodlatte.
    This has been a very important hearing, and I wanted to 
begin by asking Professor Martin about the decision by Justice 
Alito, a 5-4 decision as usual, responding who dismissed a 
number of groups for lack of standing. Reasoning that 
respondents can't manufacture standing by choosing to make 
expenditures.
    Is the harm alleged by, among others, Amnesty International 
and ACLU hypothetical, which was the basis of this conservative 
decision?
    Ms. Martin. Thank you for that question, Mr. Conyers.
    If I might answer it, that case, of course, was a challenge 
to the constitutionality of the 702 collection program. And one 
of the points that the Government made when it argued that the 
ACLU and Amnesty didn't have the kind of particularized 
standing or showing of harm that the Constitution required was 
that others would be able to challenge the constitutionality of 
702 collection and, in particular, individuals who were 
prosecuted using the fruits of such 702 collection.
    Well, now it turns out that the Government won't even tell 
such people that it used the fruits of 702 collection in making 
a criminal case against them, and they are not given that 
opportunity to challenge the 702 collection. I do think that it 
is an appropriate question for the Congress to worry about 
wether you have designed a system that allows the Government to 
collect massive amounts of information about Americans, in 
secret, but somehow you haven't set up any mechanism that the 
Supreme Court is going to recognize as granting standing to 
anybody to challenge the fact that information about them has 
been collected. That is a problem that Congress can solve and 
should solve.
    And that is a fundamental difference, of course, between 
foreign intelligence collection authorities that we are talking 
about today and the kind of criminal justice collection 
authorities that were discussed, which is that there is the 
possibility of an open, adversarial court challenge to criminal 
collection, which doesn't exist in this context.
    Mr. Conyers. Can I ask----
    Ms. Martin. And to tell my colleagues----
    Mr. Conyers. Can I ask, Mr. Jaffer, in addition to your 
four recommendations, is there a way that we can reconcile our 
concern against terrorism and at the same time permit the 
largest usefulness of privacy possible? You know, after all, if 
it hadn't been for a couple of people leaking, we wouldn't have 
known about any of this, as far as I am concerned.
    Some say that somebody made a statement on the floor of the 
House. If you happen to have caught it, you could go back and 
track it. But I think I am more concerned about the collection 
legality than I am about the uses to which it is put.
    Mr. Jaffer. Well, I think that you ought to be concerned 
about the collection. The collection in the first instance 
implicates privacy. It has a real effect on privacy. That is 
where the privacy intrusion happens in the first instance.
    And it also has a chilling effect on activity protected 
under the First Amendment. It is the Government's collection of 
that information that has the chilling effect. If you remember 
during the 1960's and '70's, some State governments used 
subpoenas served on the NAACP as an effort to chill association 
with the NAACP.
    And it was just the acquisition of that information that 
was chilling, and those governments knew it. And----
    Mr. Conyers. And more chilling now than anything is the 
fact that they have got information through phone numbers, 
which can easily be attached to names, of everybody in the 
country for at least 6 years. And that is probably the most 
disturbing aspect of this matter to me that I have been hearing 
today.
    Mr. Jaffer. Mr. Conyers, if I could just point out that 
even if you accept the Government's frame here and focus only 
on the uses, I don't think anybody should be misled by this 300 
number, which makes it sound like this is a very targeted 
program. But if you think about the 300 number in relation to 
what was said on the previous panel about three hops, the first 
hop takes you to, say, 100 people whose communications are 
pulled up. The second one takes you to 10,000, and the third 
one takes you to 1 million.
    And you do that 300 times. I think it is safe to say that 
every American's communications have been pulled up at least 
once.
    Mr. Conyers. Thank you very much.
    Mr. Gohmert [presiding]. I will recognize myself now, and I 
appreciate your being here.
    It is intriguing, what we are talking about. We are talking 
about the privacy, the type of concerns that spawned a 
revolution back over 200 years ago. We hear all this 
information about the FISA courts, and that is the bulk of what 
you are being--you are talking about.
    Anybody care to just briefly tell us what happened before 
there was a FISA court? We know there have been national 
security secrets since the revolution itself. What happened 
before there was a FISA court to protect us from ourselves?
    Mr. Jaffer. It was left up to the executive. It was 
unilateral action by the executive in the area of foreign 
intelligence surveillance. And in fact----
    Mr. Gohmert. But here, we are talking about surveillance of 
Americans, in-country American citizens, and that is what I am 
talking about. If someone wanted to gather intelligence 
information about American citizens on American soil, normally, 
having been a judge and chief justice, it is my understanding, 
you went to a court.
    You might be requesting in camera review of documents. You 
might request that the court documents be sealed. But we were 
able to work pretty well getting court orders before there was 
ever a FISA court was my understanding.
    Mr. Jaffer. Actually, Mr. Chairman, prior to 1972, for any 
national security investigation, or many, they were done 
without court approval, without warrants. And the United States 
Supreme Court in the Keith case, 1972, said when it is a 
domestic security threat, there has to be a warrant.
    Left a footnote was not deciding foreign security threats. 
Even if it is a U.S. citizen, but associated with a foreign 
power that is threatening to the United States. And the lower 
courts consistently held that the President could conduct 
warrantless surveillance for foreign intelligence purposes even 
of U.S. citizens and that the fruits of that surveillance could 
later be used in a criminal prosecution, even if it hadn't been 
supported by a warrant.
    That is what the lower courts held. Of course, that did 
lead to abuses because the executive is making determinations 
about what he thought was a foreign threat, and lines were 
crossed and abuses occurred. That is why Congress and the 
executive branch reached a compromise in 1978 and created the 
FISA process to involve Article III judges in the review and 
approval of those surveillance orders and also involve the 
Congress through the creation of the Special Intelligence 
Committees for oversight, which hadn't occurred before.
    And so, we have this compromise situation where the 
branches have come together to involve all three branches. And 
of course, limitations were discovered after 9/11. A lot of 
debate occurred, and ultimately, Section 702 was passed in 2008 
to enable a very broad programmatic order for foreign 
collection directed at non-U.S. persons outside the United 
States.
    Mr. Gohmert. And that is a great distinction because I know 
in my freshman term, '05 and '06, what we were told is this is 
only for you have to be a foreign agent, a foreign individual. 
And as long as it is an American citizen here on American soil 
with distinction for American citizen where intelligence 
gathering in another country didn't violate local law. There 
were all those distinctions being discussed.
    But even through all of that, my experience with 
conservative and liberal judges would have indicated that you 
wouldn't have an order from a judge under our Constitution that 
requires specificity as to a place and information be gathered 
that would say something like this order from this court does. 
All call detail records between the United States and abroad or 
wholly within the United States, including local telephone 
calls.
    I think that pretty much covers everything. I see no 
specificity here. Oh, yes, just get all the records. And you 
should be comforted by the fact that you can get this stuff. It 
is okay.
    So I am just concerned. I have now seen the incredible 
abuse by the FISA court, in my opinion, and I am just wondering 
if we are better off going to a system where we don't require a 
FISA court. There is not this Star Chamber. What would be 
another alternative?
    And that will be my last question.
    Ms. Martin. If I might, Mr. Gohmert? I think that the 
original conception of the FISA court was quite limited and 
perhaps quite useful, which was that it would act as a kind of 
usual court in issuing a warrant, right, which is always done 
ex parte. Because the search that the FISA court was going to 
authorize--which had to be particularized--had to be based on 
probable cause, was never going to be revealed, Congress set up 
secret procedures for doing that.
    But it was always recognized that what we are talking about 
is searches and seizures of Americans. And now the Government 
has taken the concept of a FISA court to kind of, in my view, 
put a fig leaf on a totally different kind of collection 
directed at Americans. It is not particularized. It is totally 
in secret. And that includes the 702 program, which----
    Mr. Gohmert. Right.
    Ms. Martin. And so, you need to go back to the drawing 
board about are we really going to have unparticularized 
collection that is intended and does collect information about 
Americans?
    Mr. Gohmert. Well, let me tell you we have got votes coming 
up in just a few minutes. And so, I want to get to people who 
want to ask questions.
    But I would ask the witnesses if you have any proposals, if 
you could provide that in writing to us, any alternatives, any 
major changes, because I think this justifies major changes.
    And with that, who is next? Okay. Recognize the gentleman 
from New York, Mr. Nadler.
    Mr. Nadler. Thank you.
    Mr. Jaffer, various Administration officials have used 
comparison of Section 215 authority to what can be obtained 
through a grand jury subpoena, something we expressly include 
in the statute itself as a limiting principle. Are you aware of 
any examples where by virtue of grand jury subpoena, law 
enforcement has been able to engage in the type of ongoing bulk 
collection, what you described as dragnet collection of 
information done under Section 215?
    Mr. Jaffer. No, not even close.
    Mr. Nadler. Mr. Baker, are you aware of any such?
    Mr. Baker. There are plenty of subpoenas for massively 
overbroad collections of data so that the Government can be 
comfortable that it has gone through everything that might be 
relevant.
    Mr. Nadler. There are subpoenas, grand jury subpoenas for, 
in effect, everything in the world without being specific, all 
metadata?
    Mr. Baker. Addressed to a particular case or database, 
there are plenty of cases where a single database has been 
subpoenaed.
    Mr. Nadler. No, a single database. But has there ever been 
a grand jury subpoena that says let us see the outside of every 
postcard or letter sent in the United States? Or let us see the 
phone numbers of everybody who called anybody in the United 
States?
    Mr. Baker. So if I could go back to an example that the 
Chairman mentioned, as a practical matter, every flight that 
comes into the United States, every travel reservation on that 
flight is provided to the Government by the carrier, every 
single one.
    Mr. Nadler. Has there ever been--has there been a subpoena 
for every flight record in the United States?
    Mr. Baker. Every flight record coming into the United 
States, yes.
    Mr. Nadler. A subpoena for every flight record?
    Mr. Baker. No. It is under a law passed by the United 
States Congress that says you must provide this information to 
the Government so it can search for terrorists.
    Mr. Nadler. You must provide the name of every individual 
on every flight?
    Mr. Baker. Yes. That was passed in 2002, and it has been 
enforced.
    Mr. Nadler. And that is a subpoena?
    Mr. Baker. And it has caught a lot of terrorists.
    Mr. Nadler. Excuse me. That was a subpoena?
    Mr. Baker. No.
    Mr. Nadler. That is a law?
    Mr. Baker. It was a law.
    Mr. Nadler. Well, that is a little different from a 
subpoena.
    Okay. Mr. Bradbury, you talk about how the metadata that is 
acquired and kept under this program can be queried when there 
is responsible suspicion, as if that meets the statute. The 
statute talks about collection. You seem to be talking about 
query. There is a difference between collection and query.
    Mr. Jaffer, let me ask you this. Does the Fourth Amendment 
talk to collection or to queries?
    Mr. Jaffer. Collection.
    Mr. Nadler. Collections. So a broad--okay. Let me go to the 
next question because I have a bunch quickly.
    Mr. Jaffer, you talked--Mr. Baker, rather, you talked about 
Section 702, as the discussion of Section 702 has really hurt 
us because it has told the Europeans and everybody else what we 
are doing for foreigners. But nothing, as I think you point out 
in your testimony, too, nothing that we have learned about 
Section 702--I can't think of anything we have learned about 
Section 702 from Mr. Snowden--or however you pronounce his 
name--that wasn't included in the debate in 2008 on Section 
702, when we knew we were going to be collecting across the 
board on everybody.
    And the question in that debate was--and I thought the 
resolution of that debate was inadequate, which is why I voted 
against it--how were we going to protect Americans against 
being caught up? And this is what we have been talking about.
    But the assumption there was that foreigners have no 
constitutional right and no privacy rights. And we can get all 
the information on them anyway. So how is this information now 
harmful in a way that the congressional debate wasn't?
    Mr. Baker. I think that the congressional debate seeded 
what we are now seeing. It is a cost. It is a cost of having 
the debate we are having, and my point here is that Europe will 
extract that cost from companies that did nothing but their 
obligation under the law.
    Mr. Nadler. But they would have extracted that cost just 
because of the congressional debate, if they were paying 
attention.
    Mr. Baker. What I say is that this Congress and this 
Administration has an obligation to stand between those 
companies and----
    Mr. Nadler. That is a separate discussion, and that may be. 
But--okay. Ms. Martin, how can we--how can Congress solve the 
problem? We have a basic problem.
    Every challenge to abuse of constitutional rights by the 
Bush administration and the Obama administration has been met 
in the same way. Either the use of the state secrets doctrine 
to say you can't go to court on that. The subject matter of the 
discussion is a state secret. Therefore, move to dismiss the 
case ab initio. Or you have no standing because you cannot 
prove that you personally were harmed by this.
    Now Mr. Snowden may have done a public service in giving 
some people standing by proving that they were harmed by this 
because anyone who is a Verizon subscriber arguably can now go 
into court and say that. How can we deal with these two 
problems that an Administration, any Administration can violate 
constitutional rights from here to kingdom come, subject to no 
court review because of either the state secrets doctrine or 
the standing problems because they don't admit what they are 
doing in the first place. It is secret.
    It is secret what we are doing to you. Therefore, you have 
no standing because you can't prove what we are doing to you.
    Mr. Gohmert. The time has expired, but you may answer 
briefly.
    Ms. Martin. Well, I think one key way of doing it, which is 
outside the court system, is for the Congress to insist that 
the Administration disclose all that information. The 
Government then won't be able to claim state secrets because it 
has disclosed the information.
    Mr. Nadler. Disclose what information?
    Ms. Martin. Disclose the information about what it has done 
and who it has done it to, right? And something like that did 
happen and is happening in the context of the violations of the 
laws against torture, and that helps in creating a consensus 
that we know the Government violated the law.
    We have some kind of public debate about what the 
Government shouldn't do, and whether or not we end up with an 
individual remedy in the court is a question that I would be 
glad to think about some more. I know there are now five 
lawsuits seeking individual remedies that have a better chance 
than they did before, but they all depend upon public 
disclosure by the Administration of information.
    Mr. Nadler. Or by Mr. Snowden or somebody else.
    Ms. Martin. Well, that is more difficult because then the 
Administration claims state secrets.
    Mr. Gohmert. We are going to have to--in order to get the 
other two Democrats and one Republican left, we are going to 
need to move on. But I would ask if you have additional 
information, if you would prove that in writing in response to 
that question.
    And now at this time, we yield 5 minutes to the gentleman 
from Idaho, Mr. Labrador.
    Mr. Labrador. Thank you, Mr. Chairman.
    Mr. Jaffer, I am trying to figure out how we got from Smith 
v. Maryland to the moment that we are at today. Can you try to 
explain to me what exactly maybe the proponents of these laws 
and the interpretation of these laws are trying to say because 
I am not following Smith v. Maryland very well. I have read it 
a couple of times.
    Mr. Jaffer. Right.
    Mr. Labrador. But I am not sure that you can get to the 
collection of metadata all over the United States.
    Mr. Jaffer. Well, I think that there is a vast chasm 
between Smith and the kind of surveillance that is going on 
now. Smith was a case about a specific criminal investigation. 
It was a pen register installed on one person's phone for 2 
days.
    We are now talking about 7 years of surveillance of every 
American's phone calls. So I don't think it is a serious 
argument to say that Smith justifies what the Government is 
doing now. I think that the more relevant case is Jones, which 
was decided just last year. A 9-0 court found that the tracking 
of individuals' location over the long term constituted a 
search under the Fourth Amendment, and even in Jones, the 
surveillance was narrower and shallower than the kind of 
surveillance we are talking about today.
    Mr. Labrador. And they said that the tracking of 
individuals over a long period of time resulted in a search and 
seizure. Can you explain why they said that? Because there is 
now an argument that collecting all this data actually gives 
you very personal information about the individual.
    Mr. Jaffer. That is right. Sometimes we talk about metadata 
as if it is less sensitive, and that is not really true. Using 
this kind of metadata, in Jones, for example, the court noted 
that you could, just tracking somebody's location over a long 
period of time, you could draw all sorts of accurate 
conclusions about their medical history, about their intimate 
relationships, about their professional life, about their 
personal life.
    And the same is true of phone calls. If the Government has 
access to your call records over a long period of time, the 
Government can draw all those conclusions in the same way.
    Now that is not to say that the Government should never 
have access to the phone records. There are circumstances in 
which the Government has to have that access, but we just want 
to make sure that that is limited to cases, specific cases in 
which the call records are, in fact, relevant to an 
investigation.
    Mr. Labrador. And in Smith v. Maryland, there was a 
specific reason why it was relevant. Correct?
    Mr. Jaffer. That is correct. Even in Jones, there was that 
specificity.
    Mr. Labrador. Okay. So because what concerns me is that, I 
think as a Government official, as a legislator, I would like 
to stop gang membership, for example, or I would like to stop 
child pornography, or I would like to stop bank robberies. And 
I could maybe pass a law that would require the Government to 
collect everybody's data, right, everybody's metadata so we can 
stop those crimes. What do you think about that, Ms. Martin?
    Ms. Martin. I think that is the proven solution of 
countries like the Soviet Union and China.
    Mr. Labrador. Exactly.
    Ms. Martin. I mean, and I think there have actually been 
studies showing that you can stop crime by that kind of 
government surveillance and collection.
    Mr. Labrador. So, Mr. Baker, what is the difference? I want 
to stop all these crimes, and I would think that everybody in 
this Congress would think that that would be inappropriate for 
me to pass a law that would allow me to collect all the 
metadata of every American so I could stop child pornography.
    What is the difference between that and what is happening 
here in this instance?
    Mr. Baker. We are responding, in the case of the 215 
programs, to the fact that there is a well-organized, offshore 
conspiracy seeking to carry out attacks on us.
    Mr. Labrador. I understand that, but--and I agree with 
that. And that is why maybe I don't have as much problem with 
the 702 program.
    But you are collecting the data or the Government is 
collecting the data of American citizens and saying that it may 
become relevant after we collect it. Why not just collect the 
data of every American because it might become relevant in a 
child pornography case later?
    Mr. Baker. All of these searches, there is really two 
issues here. First, is it a search at all? And Smith suggests 
it isn't. And if it is a search, is it reasonable? And that 
depends in part on the nature of the justification and the 
problem that you are trying to solve.
    In this case, we are trying to solve a problem that 
requires classified tools and is a national security threat. 
That is different from trying to stop bank robberies, frankly.
    Mr. Labrador. Well, and I just find it fascinating that the 
author of the PATRIOT Act and most of the Members of Congress 
who voted for the PATRIOT Act had no idea that the Government 
would go to these lengths to collect data. And I hope that we 
can continue to have these hearings.
    Thank you very much for being here.
    Mr. Gohmert. The time has expired. Thank you very much.
    Mr. Labrador. I yield back my time.
    Mr. Gohmert. I yield to the gentleman from Virginia, Mr. 
Scott, for 5 minutes.
    Mr. Scott. Thank you, Mr. Chairman.
    I know we are trying to get three Members in in this very 
short period of time. So let me just pose a question for Mr. 
Jaffer real quick.
    I am interested in what you can do with the data after you 
have gotten it. There is a real question as to whether you have 
the legal authority to get all the phone calls. But after you 
have got it, we found out in a DNA case that if you get 
someone's DNA legally and you find out it is not them, you can 
still run that DNA through the database without any probable 
cause, no articulable suspicion, anything. You have the data, 
and you can use it.
    What is the limitation on the data after you have acquired 
it? Now they say you have to have articulable suspicion to 
query the data that you have obtained. But the Section 215 
doesn't require any such limitation. It just tells you to 
describe what you are getting. This seems to be a little 
gratuitous policy, not a limitation by statute.
    And so, can you say a word about where the limitation is 
after you have gotten the data what you can do with it?
    Mr. Jaffer. Well, on the 215 program, we don't have the 
Government's minimization procedures. They haven't been 
released.
    Mr. Scott. Well, let me just--and the minimization 
procedure specifically has--the witness before was a little 
murky on this--has--specifically has a criminal justice 
exception. So running a criminal justice investigation with 
data you now have can be done without articulable suspicion or 
probable cause or anything. You just go look to see, as the 
gentleman was suggesting, who has been committing gang crimes.
    You got a gang member, you can spin his little thing around 
to find out who he is talking to. Is there a limitation on what 
you can do after you have gotten it?
    Mr. Jaffer. No, almost certainly not. And we know that that 
the limitations are very weak because we have seen the 702 
minimization procedures. Those were disclosed.
    And if they are any guide, I think it is safe to assume 
that the 215 procedures don't protect Americans' privacy.
    Mr. Scott. Now if you were running a criminal investigation 
without probable cause by virtue of getting information in the 
hands of the FBI, and we have removed that firewall that used 
to be there, what would be the sanction against improperly 
using that information? Would the exclusionary rule kick in?
    Mr. Jaffer. Well, I don't think we will ever know because 
the Government doesn't notify criminal defendants that it is 
using these kinds of surveillance programs.
    Mr. Scott. Would fruit of a poison tree kick in?
    Mr. Jaffer. Well, it would if the Government disclosed. But 
it doesn't disclose. It keeps it secret from criminal 
defendants, and this is one of the things that we have been 
very frustrated with is that the Government told the Supreme 
Court that criminal defendants would be notified when 
information was introduced against them derived from these 
programs. And it is not, in fact, giving that kind of notice.
    Mr. Scott. Thank you.
    Mr. Chairman, as a courtesy to my colleagues, I will yield 
back at this time.
    Mr. Gohmert. Thank the gentleman from Virginia.
    At this time, I will yield to Mr. Johnson for 5 minutes.
    Ms. Jackson Lee. Mr.--excuse me, Mr. Gohmert. This is 
regular order.
    Mr. Gohmert. Okay. Well, I was just going by the list that 
the clerk gave me here.
    Ms. Jackson Lee. The list goes from the beginning of the 
Committee. I think Mr. Johnson knows.
    Thank you.
    Mr. Gohmert. Exactly. All right. Then we will yield 5 
minutes to my friend from Texas, Ms. Jackson Lee.
    Ms. Jackson Lee. I thank you very much.
    Let me just say that this has been not eye-opening, but it 
raises more questions than probably it gives answers. And I 
think I want to start immediately with the question, Mr. 
Jaffer, on the 215 PATRIOT Act, which grants the FBI broad 
authority, as we have seen in the previous hearing and what we 
have read, and could put and does put civil liberties at risk. 
From your perspective, what danger might occur or what would 
happen if we did not renew Section 215?
    Mr. Jaffer. Well, I think that is a good question to ask 
the Government. So far, they haven't been able to explain why 
the dragnet surveillance under this provision is actually 
necessary. They haven't been able to point to cases in which 
this particular surveillance program was crucial. I think it is 
a good question to put to them.
    But I would just say that while I think that your concern 
about 215 is totally justified, I think that the Committee 
ought to be concerned about 702 as well. And the Government 
keeps emphasizing that this is a program directed at people 
abroad, and that is true. But in the course of surveillance of 
people abroad, the Government is building huge databases of 
Americans' phone calls, not just the metadata. But the----
    Ms. Jackson Lee. So you are saying that reverse targeting 
is occurring, even though language put in the bill to not have 
that occur?
    Mr. Jaffer. I actually am not saying that the Government is 
violating the statute. I am saying that they are using the 
statute precisely as it was designed to be used, but the 
statute allows them to gather Americans' communications so long 
as they are not targeting a specific American.
    Ms. Jackson Lee. So to hold them until they believe 
something rises to the top?
    Mr. Jaffer. That is right.
    Ms. Jackson Lee. So it is sort of like storing in your 
Internet or storing pictures in your iPhone or something of the 
sort?
    Mr. Jaffer. That is exactly right.
    Ms. Jackson Lee. Let me to go Mr. Baker. You sat before 
Homeland Security a number of years. Thank you for your 
service. Thank all of you for your service. But you made the 
point that on your blog, that you thought that the FBI could 
have caught the people on 9/11, but there was too liberal--
civil liberties was too much in the way.
    What are you suggesting when the idea of 9/11 was, one, 
these were foreign nationals. So the FBI had opportunity to 
deal with them in the construct of our civil liberties, and it 
was basically connecting the dots or not finding out that guys 
were learning to take off and not land in a plane training 
place down in Florida. What civil liberties need to be violated 
in order to have protected us from 9/11?
    Mr. Baker. The problem is that there were two al-Qaeda 
operatives in the country for 2 weeks. We knew--the FBI, the 
CIA all knew they were here, but the FBI's task force that was 
organized for the Cole bombing, as I remember, was not allowed 
to go looking for them, even though they had by far the most 
resources of anybody to find them.
    And the reason they were not allowed to do it was because 
the FISA court had made up a doctrine that led to the wall that 
said we are going to keep law enforcement over here and 
intelligence over here and not allow them to talk. And out of 
fear that the FISA court would punish them for talking and for 
going to look for these guys, the Cole task force stood down.
    We lost our best chance to catch those guys at that time, 
and it was because the FISA court was so aggressively enforcing 
a doctrine that, frankly, it shouldn't have adopted in the 
first place, but which it adopted pretty clearly for civil 
liberties reasons.
    Ms. Jackson Lee. Well, let me ask your comment on that.
    Ms. Martin. I think the record is much more complex. There 
were many times that the Government dropped the ball when it 
might have stopped 9/11, and most of them had absolutely 
nothing to do with the law. The CIA, for example, knew for many 
months the names of the hijackers. They knew that they wanted 
to carry out an attack against the United States. They knew 
that they had gotten visas, and they didn't tell the FBI to go 
find those people inside the United States.
    And the wall had nothing to do with preventing the CIA from 
telling the FBI to go find known al-Qaeda terrorists in the 
United States. The record is just much more complicated than 
Mr. Baker is making it out.
    Ms. Jackson Lee. Well, let me just finish. So let me just 
make this comment. Maybe I will be short of the red light.
    One, I maintain that we have too many contractors unknown 
and unbeknownst in the intelligence community. I thank them for 
their service, but they need to rein in this rampant 
proliferation of contracts, even though the Government tried to 
defend its satellites as this, and really have a profound staff 
that is here in the United States Government.
    The last point is the FISA court can stand a lot of review. 
One, I think there should be something about the balance of 
Democratic appointed judges and Republican. But I also think 
the release of opinions should be something that we should be 
able to allow to the public and, therefore, find a way to rein 
in all of this.
    I yield back.
    Mr. Gohmert. Thank you.
    We have 4\1/2\ minutes left--4 minutes, 20 seconds left in 
the vote. So I yield to the gentleman for such time. Mr. 
Johnson?
    Mr. Johnson. I will be brief. Thank you, Mr. Chairman.
    Section 702, collecting foreign data, intelligence data, 
metadata content of communications, and so forth. Is that 
correct?
    Mr. Jaffer. Not quite. Section 702 is surveillance directed 
at people outside the United States, but it is surveillance of 
Americans' communications with those people outside the United 
States.
    Mr. Johnson. Yes, and collection of the scope you don't 
disagree with. In other words, content metadata?
    Mr. Jaffer. That is right.
    Mr. Johnson. And minimalization procedures in place that 
perhaps may not be as stringent as they should. Perhaps. I am 
not saying that that is the case or not.
    But with respect to the data collected under 702 of 
Americans that are just incidentally caught up in foreign-to-
foreign communications or a foreign target that is 
communicating with someone in the U.S., who owns that data? Is 
it the person who initiates the call? Is it the person who 
accepts the call? Or is it both or----
    Mr. Jaffer. My guess is----
    Mr. Johnson. Or is it the provider, the service provider 
who owns the data?
    Mr. Jaffer. I think that Americans have a reasonable 
expectation of privacy in their international communications.
    Mr. Johnson. Have there been court cases specifically on 
that point?
    Mr. Jaffer. Yes. On the content of communications, yes.
    Mr. Johnson. Yes. Okay. So now, I would submit that when 
you are talking about surveillance, when you look at the 
definition of the word ``surveillance,'' it includes keeping a 
close watch on people or things. And so, you can surveil a 
thing. That thing may not have a constitutional right, but a 
person certainly does.
    I think we should make or I think we should be prepared to 
distinguish between surveillance, what kind of surveillance we 
are talking about. That is a term that kind of gets everybody 
excited.
    That is about really all I have to say. Anybody got any 
comments about that?
    [No response.]
    Mr. Johnson. I will yield back, Mr. Chairman.
    Mr. Gohmert. The time has been yielded back. And at this 
time, this concludes today's hearing.
    Thanks to all of our witnesses for attending. We know it 
has been a long day for you, and we appreciate you bearing with 
it. It is an important subject. It is only our future, our 
security, and our privacy.
    So thank you, and we look forward to your comments that we 
anticipate receiving back in writing, things that you wished 
you had said or wanted to say, and to direct us. So thank you 
very much.
    Without objection, all Members will have 5 legislative days 
to submit additional written questions for the witnesses or 
additional materials for the record.
    This hearing is now adjourned.
    [Whereupon, at 2:32 p.m., the Committee was adjourned.]
                            A P P E N D I X

                              ----------                              


               Material Submitted for the Hearing Record

    Questions for the Record submitted to James Cole, United States 
 Department of Justice; Robert S. Litt, Office of Director of National 
 Intelligence; John C. Inglis, National Security Agency; and Stephanie 
                 Douglas, FBI National Security Branch*
---------------------------------------------------------------------------
    *The Committee had not received a response to these questions at 
the time this hearing record was finalized and submitted for printing 
on December 12, 2013.







                                

     Response to Questions from the Hearing from Stewart A. Baker, 
                         Steptoe & Johnson, LLP




                                

       Response to Questions for the Record from Jameel Jaffer, 
                 American Civil Liberties Union (ACLU)







                                

       Response to Questions from the Hearing and for the Record 
         from Kate Martin, Center for National Security Studies













                                 
